Slashdot Mirror

← Back to Stories (view on slashdot.org)

Trojanized SSH Daemon In the Wild, Sending Passwords To Iceland

Posted by timothy on Friday January 25, 2013 @06:01PM from the in-iceland-they-get-massages dept.

An anonymous reader writes "It is no secret that SSH binaries can be backdoored. It is nonetheless interesting to see analysis of real cases where a trojanized version of the daemon are found in the wild. In this case, the binary not only lets the attacker log onto the server if he has a hardcoded password, the attacker is also granted access if he/she has the right SSH key. The backdoor also logs all username and passwords to exfiltrate them to a server hosted in Iceland."

1 of 171 comments (clear)

Min score:

Reason:

Sort:

Re:Iceland? How hard could it be? by WWJohnBrowningDo · 2013-01-25 18:21 · Score: 5, Insightful

Just because the server is in Iceland doesn't mean the perpetrator is.

In all likelihood the server is just another compromised machine.