Slashdot Mirror

← Back to Stories (view on slashdot.org)

Trojanized SSH Daemon In the Wild, Sending Passwords To Iceland

Posted by timothy on Friday January 25, 2013 @06:01PM from the in-iceland-they-get-massages dept.

An anonymous reader writes "It is no secret that SSH binaries can be backdoored. It is nonetheless interesting to see analysis of real cases where a trojanized version of the daemon are found in the wild. In this case, the binary not only lets the attacker log onto the server if he has a hardcoded password, the attacker is also granted access if he/she has the right SSH key. The backdoor also logs all username and passwords to exfiltrate them to a server hosted in Iceland."

1 of 171 comments (clear)

Min score:

Reason:

Sort:

Tip by detritus. · 2013-01-25 18:29 · Score: 5, Informative

I cleaned up an a backdoored Debian system after discovering md5 sum mismatches on all the ssh binaries from the original packages some time ago.
debsums is a nice utility to check this for you, granted that the attackers didn't modify the signing keys and installed their own package.