[ISN] Attackers Targeting Linux Infrastructures With Rootkit to Steal SSH Keys

From: InfoSec News <alerts_at_private>
Date: Wed, 27 Aug 2008 00:28:14 -0500 (CDT)

By Brian Prince

US-CERT is warning of attacks targeting Linux-based infrastructures 
using compromised SSH keys. After access is gained to the system, local 
kernel exploits are used to gain root access. A rootkit is then 
installed to steal more SSH keys. The attack could be related to a flaw 
affecting Debian-based encryption keys discovered earlier this year.

Hackers are launching attacks against Linux-based computing 
infrastructures using compromised SSH [Secure Shell] keys and installing 
rootkits, according to a warning by the U.S. Computer Emergency 
Readiness Team (US-CERT).

According to US-CERT, the attack uses stolen SSH keys to access a 
system, and then local kernel exploits to gain root access. At that 
point, a rootkit known as phalanx2 is installed.


Received on Tue Aug 26 2008 - 22:28:14 PDT
