[dundee] phalanx2 rootkit installed via stolen SSH keys
gordon dunlop
astrozubenel at googlemail.com
Wed Aug 27 21:21:32 UTC 2008
An interesting article for the security-minded. Hackers try to implant
a phalanx2 rootkit via stolen SSH keys on Linux infrastructure
systems. It can be detected by looking for a directory /etc/khubd.p2/:
http://www.us-cert.gov/current/#ssh_key_based_attacks
Not being paranoid, I did look in my /etc directory; nothing there, as
expected, but you never know.
Gordon
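
A sturdier form of the directory check mentioned in the message, as an added example that is not part of the original post: because a kernel rootkit can filter directory listings, the script probes the path by name and compares the directory's link count with the number of subdirectories the listing shows. `LISTER` and the function names are assumptions of this sketch, and the link-count test only works on filesystems that maintain directory link counts.

```shell
#!/bin/sh
# Added example, not from the post. ROOTKIT_DIR is the name given in the
# post; LISTER and the function names are assumptions of this sketch.
ROOTKIT_DIR="khubd.p2"
LISTER="${LISTER:-ls -A}"    # command used to enumerate a directory

# Exit 0 if $1/$2 exists when addressed by name but does not appear in the
# listing of $1, i.e. something is filtering directory enumeration.
hidden_from_listing() {
    [ -d "$1/$2" ] || return 1
    $LISTER "$1" | grep -qxF -- "$2" && return 1
    return 0
}

# Print (link count - 2) minus the number of listed subdirectories of $1.
# A positive result means the filesystem records more subdirectories than
# the listing shows. Prints "unsupported" where directory link counts are
# not maintained (btrfs, for example, reports 1).
unlisted_subdir_count() {
    nlink=$(stat -c %h "$1") || return 2    # GNU stat syntax
    [ "$nlink" -ge 2 ] || { echo unsupported; return 0; }
    listed=$($LISTER "$1" | while IFS= read -r n; do
        [ -d "$1/$n" ] && [ ! -L "$1/$n" ] && echo x
    done | wc -l)
    echo $((nlink - 2 - listed))
}

# Report on one directory (default /etc); exit status 1 on any finding.
scan() {
    dir="${1:-/etc}"; rc=0
    if [ -d "$dir/$ROOTKIT_DIR" ]; then
        echo "FOUND: $dir/$ROOTKIT_DIR exists"; rc=1
        hidden_from_listing "$dir" "$ROOTKIT_DIR" &&
            echo "  and it is absent from the directory listing"
    fi
    extra=$(unlisted_subdir_count "$dir") || return 2
    case "$extra" in
        unsupported) echo "link-count check not usable on $dir" ;;
        0) echo "link count of $dir matches its listing" ;;
        *) echo "MISMATCH: $dir link count differs from listing by $extra"; rc=1 ;;
    esac
    return $rc
}

if [ "${1:-}" = "scan" ]; then scan "${2:-/etc}"; fi
```

Run it as `sh check.sh scan /etc` (the file name is arbitrary). A clean result from a live system is weak evidence, since the same kernel that may be compromised answers every query; checking the disk from trusted boot media is more reliable.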