Australia's Leading Computer Emergency Response Team

A new threat
Date: 29 August 2008
Original URL: http://www.auscert.org.au/render.html?cid=7066&it=9772


Hi all,

A generally quiet week this week, however it has ended on a bit of a downer for Linux users. The SSH keys that were compromised earlier are being used to install a rootkit known as 'phalanx2' (unsurprisingly a newer version of the Phalanx rootkit). Phalanx2 then steals SSH keys from the infected system and reports back to the attackers for use in further attacks.

At the moment it's a little sketchy as to whether phalanx2 can only steal passwordless SSH keys or whether it also logs passwords as they are typed, but either way, not a good thing to have on your system.

US-CERT has some handy information for detecting phalanx2 (if you can 'cd /etc/khub.p2' but you can't 'ls /etc/khub.p2', the rootkit is hiding that directory from listings, and you might want to read up on that) along with a checklist of what to do if it is found on your systems.
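As an added example (not part of the AusCERT post or of any US-CERT material), here is a small POSIX shell check that turns the cd-versus-ls discrepancy described above into a repeatable probe; the list of candidate paths is an assumption, /etc/khub.p2 being the only one the post names.

```shell
#!/bin/sh
# Added example: classify a directory by comparing what cd and ls report.
# A directory that can be entered but not listed is the mismatch the post
# describes for /etc/khub.p2. Prints one of: hidden | present | absent
probe_dir() {
    p="$1"
    if ( cd "$p" ) 2>/dev/null; then
        # The directory can be entered ...
        if ls "$p" >/dev/null 2>&1; then
            echo present
        else
            # ... but listing it fails: flag it for a closer look
            echo hidden
        fi
    else
        echo absent
    fi
}

# Probe each candidate path and return 1 if any of them looks hidden.
# Which paths to probe is an assumption; only /etc/khub.p2 is from the post.
scan_paths() {
    found=0
    for p in "$@"; do
        state=$(probe_dir "$p")
        echo "$p: $state"
        [ "$state" = hidden ] && found=1
    done
    return $found
}

# Standalone run against the path named in the post.
scan_paths /etc/khub.p2 || echo "WARNING: directory present but not listable"
```

A kernel-level rootkit can lie to every tool on the live system, including this one, so a clean result from the probe is not proof of a clean host; treat a "hidden" result as a reason to follow the US-CERT checklist rather than as the whole investigation.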

Have a good weekend!

MB