Australia's Leading Computer Emergency Response Team
 
A new threat

Date: 29 August 2008

Hi all,

A generally quiet week this week; however, it has ended on a bit of a downer for Linux users. Those SSH keys that were compromised earlier are being used to install a rootkit known as 'phalanx2' (unsurprisingly, a newer version of the phalanx rootkit). Phalanx2 then steals SSH keys from the system and reports back for further attacks.

At the moment it's a little sketchy as to whether phalanx2 can only steal passwordless SSH keys or if it keylogs passwords, but either way, not a good thing to have on your system.

US-CERT has some handy information for detecting phalanx2 (if you can 'cd /etc/khub.p2' but you can't 'ls /etc/khub.p2', you might want to read up on that) along with a checklist of what to do if it is found on your systems.

Have a good weekend!

MB
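
The cd-versus-ls check mentioned in the post, as an added shell example (not code from AusCERT or US-CERT). It reads the check as "the directory can be entered but ls does not show it"; the function names are illustrative, and only the path /etc/khub.p2 comes from the post.

```shell
#!/bin/sh
# Added example: cross-view check for a directory that can be entered but is
# hidden from ls. Helper names are illustrative; /etc/khub.p2 is the path
# named in the post.

# list_names DIR: print every entry name in DIR, one per line.
list_names() { ls -1A "$1" 2>/dev/null; }

# check_hidden_dir PATH
#   returns 0: PATH can be entered with cd but ls cannot see it (suspicious)
#   returns 1: PATH can be entered and ls shows it (consistent)
#   returns 2: PATH cannot be entered (absent, not a directory, or no access)
check_hidden_dir() {
    target=${1%/}
    # View 1: can the directory be entered? Subshell keeps our cwd unchanged.
    if ! (cd "$target") 2>/dev/null; then
        return 2
    fi
    # View 2: does ls see it, both directly and in its parent's listing?
    if ls -d "$target" >/dev/null 2>&1 &&
       list_names "$(dirname "$target")" | grep -Fxq -- "$(basename "$target")"
    then
        return 1
    fi
    return 0
}

# report PATH...: print one verdict line per path.
report() {
    for p in "$@"; do
        rc=0
        check_hidden_dir "$p" || rc=$?
        case $rc in
            0) echo "SUSPICIOUS: $p can be entered but is hidden from ls" ;;
            1) echo "ok: $p is a normal, visible directory" ;;
            2) echo "ok: $p cannot be entered" ;;
        esac
    done
}

# Default to the directory named in the post when no paths are given.
[ "$#" -gt 0 ] || set -- /etc/khub.p2
report "$@"
```

Run it as root so that directory permissions cannot explain a mismatch. Both views come from the same running kernel, so a clean result on a host that may already be compromised is weak evidence.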