AOH :: IS1052.HTM

Attackers Targeting Linux Infrastructures With Rootkit to Steal SSH Keys




Attackers Targeting Linux Infrastructures With Rootkit to Steal SSH Keys
Attackers Targeting Linux Infrastructures With Rootkit to Steal SSH Keys



http://www.eweek.com/c/a/Security/Attackers-Targeting-Linux-Infrastructures-With-Rootkit-to-Steal-SSH-Keys/ 

By Brian Prince
eWEEK.com
2008-08-26 

U.S.-CERT is warning of attacks targeting Linux-based infrastructures 
using compromised SSH keys. After access is gained to the system, local 
kernel exploits are used to gain root access. A rootkit is then 
installed to steal more SSH keys. The attack could be related to a flaw 
affecting Debian-based encryption keys discovered earlier this year.

Hackers are launching attacks against Linux-based computing 
infrastructures using compromised SSH [Secure Shell] keys and installing 
rootkits, according to a warning by the U.S. Computer Emergency 
Readiness Team (US-CERT).

According to US-CERT, the attack uses stolen SSH keys to access a 
system, and then local kernel exploits to gain root access. At that 
point, a rootkit known as phalanx2 is installed.

[...]


__________________________________________________      
Register now for HITBSecConf2008 - Malaysia! With 
a new triple-track conference featuring 4 keynote 
speakers and over 35 international experts, this 
is the largest network security event in Asia and 
the Middle East! 
http://conference.hackinthebox.org/hitbsecconf2008kl/ 

Site design & layout copyright © 1986-2014 CodeGods