[SCADASEC] Attackers Targeting Linux Infrastructures With Rootkit to Steal SSH Keys
Bob Radvanovsky
rsradvan at unixworks.net
Wed Aug 27 09:55:52 CDT 2008
> http://www.eweek.com/c/a/Security/Attackers-Targeting-Linux-Infrastructures-With-Rootkit-to-Steal-SSH-Keys/
>
> By Brian Prince
> eWEEK.com
> 2008-08-26
>
> U.S.-CERT is warning of attacks targeting Linux-based infrastructures
> using compromised SSH keys. After access is gained to the system, local
> kernel exploits are used to gain root access. A rootkit is then
> installed to steal more SSH keys. The attack could be related to a flaw
> affecting Debian-based encryption keys discovered earlier this year.
>
> Hackers are launching attacks against Linux-based computing
> infrastructures using compromised SSH [Secure Shell] keys and installing
> rootkits, according to a warning by the U.S. Computer Emergency
> Readiness Team (US-CERT).
>
> According to US-CERT, the attack uses stolen SSH keys to access a
> system, and then local kernel exploits to gain root access. At that
> point, a rootkit known as phalanx2 is installed.
>
> [...]
>