Slashdot Mirror


Trojanized SSH Daemon In the Wild, Sending Passwords To Iceland

An anonymous reader writes "It is no secret that SSH binaries can be backdoored. It is nonetheless interesting to see analysis of real cases where a trojanized version of the daemon is found in the wild. In this case, the binary not only lets the attacker log onto the server if he has a hardcoded password, the attacker is also granted access if he/she has the right SSH key. The backdoor also logs all usernames and passwords to exfiltrate them to a server hosted in Iceland."

8 of 171 comments

  1. SSH Got Bjorked? by Penguinshit · · Score: 5, Funny

    Somebody had to say it.

    1. Re:SSH Got Bjorked? by ghmh · · Score: 4, Funny

      And until now it was oh, so quiet!

    2. Re: SSH Got Bjorked? by Anonymous Coward · · Score: 2, Funny

      Warner Bros. Records.

  2. Re:Tip by davester666 · · Score: 5, Funny

    If there is one thing I truly dislike, it's getting backdoored.

    --
    Sleep your way to a whiter smile...date a dentist!
  3. Re:Tip by Ford Prefect · · Score: 4, Funny

    I will ALWAYS find your rootkit. This is because you're trapped in a VM, and I can always checksum the files from another uncompromised system (LiveCD / USB).

    This is, of course, assuming that you yourself are not running on another compromised virtual machine.

    (There was one hack I was involved in where an investigator tried to get clever and started calculating MD5 checksums with a universal Turing machine operated using pencil and paper. Fortunately, I'd already trojaned base logic itself and managed to subvert alphanumeric characters to return the 'correct' values. Hacking the logical representations of arabic numerals? Now that's pretty advanced stuff. But then, there's always the worry that my own consciousness is running on something other than what I think is my own brain...)

    --
    Tedious Bloggy Stuff - hooray?
  4. Re:If it weren't for the mention of Iceland by maxwell demon · · Score: 4, Funny

    Thankfully most script kiddies are exactly that, and their script left the source on the machine for me to review. Why?

    Maybe it was an Open Source client, and they had to give you the source code to comply? :-)

    --
    The Tao of math: The numbers you can count are not the real numbers.
  5. Re:Gather passwords with ssh? Hah! by maxwell demon · · Score: 3, Funny

    So you don't password-protect your private key?

    --
    The Tao of math: The numbers you can count are not the real numbers.
  6. they should have installed a java version of ssh by cheekyboy · · Score: 1, Funny

    If they installed a java version of SSH, it would be ultra secure, but you need 750meg of ram for each ssh session.

    Go Oracle, Larry is elite.

    --
    Liberty freedom are no1, not dicks in suits.