Slashdot Mirror


Compromised SSH Keys Lead To Linux Rootkit Attack

Tech Groupie writes "The US Computer Emergency Readiness Team (CERT) has issued a warning for what it calls 'active attacks' against Linux-based computing infrastructures using compromised SSH keys. The attack appears to initially use stolen SSH keys to gain access to a system, and then uses local kernel exploits to gain root access. Once root access has been obtained, a rootkit known as 'phalanx2' is installed."

9 of 79 comments

  1. This just in: by Cocoronixx · Score: 5, Funny

    Stolen login credentials lead to unauthorized access of computer resources!

    --
    "Obscenity is the crutch of the inarticulate motherfucker." - cloak42
    1. Re:This just in: by Anonymous Coward · Score: 1, Funny

      I only eyeball the packets that have the evil bit set.

  2. Re:and by Anonymous Coward · Score: 1, Funny

    I placed a condom between my ethernet cable and my NIC. This seems to have blocked all incursions.

  3. Re:As usual... by Westech · Score: 3, Funny

    Change your keys regularly, and revoke the key as soon as you have the slightest doubt it's been compromised.

    /me gives Redhat a dirty look.

  4. New attack vector! by betterunixthanunix · Score: 2, Funny

    This new attack relies on an attacker compromising login credentials. Then, the compromised login is used to install a rootkit on the target system.

    This may rival the DNS vulnerability.

    --
    Palm trees and 8
  5. Re:and by MarkTraceur · Score: 3, Funny

    Dude, that's like building an electronic voting machine and putting anti-virus software on it.

    No, wait...

  6. Re:and by Nick+Ives · Score: 2, Funny

    Condoms are only effective at reducing relative risk vs unprotected connections by about 70 to 85% - source. As always, the only safe way is abstinence! Not that anyone around here will listen to that; I bet most /.'ers are in promiscuous mode...

    --
    Nick
  7. I am invulnerable to this attack! by Anonymous Coward · Score: 2, Funny

    I have sucessfully computed a easy and 100% affective plan to stop this attack I have cleared the cookies, defragmented the memory drive, emptyed the recycle bin and set the Internet security zone to 'high'. Last off all I downloaded the latest Linux Kernal and extracted it to C drive.

    Now it will not affect me i advice everyone else just follow these simple steps and you will be safe to.

  8. Re:and by mhall119 · Score: 2, Funny

    Does that make abstinence preconceived murder?

    --
    http://www.mhall119.com