[dundee] phalanx2 rootkit installed via stolen SSH keys

Lee Hughes toxicnaan at yahoo.co.uk
Thu Aug 28 09:46:59 UTC 2008


Interesting, but I can't seem to find any details about the ssh vulnerability,

they're not talking about just stealing the keys, are they? Because every key system
is vulnerable to that: if someone breaks into your house and steals your car keys,
then they can zoom off with your car?

That security advisory was poor, very poor... no affected systems listed, no version numbers
affected, no remote or local exploits,

errr....

perhaps it had better have said, something may happen to your machine, some time, by
someone, using some method.

there you go... ;-)

Cheers,
Lee


--- On Wed, 27/8/08, gordon dunlop <astrozubenel at googlemail.com> wrote:
From: gordon dunlop <astrozubenel at googlemail.com>
Subject: [dundee] phalanx2 rootkit installed via stolen SSH keys
To: "Tayside Linux User Group" <dundee at mailman.lug.org.uk>
Date: Wednesday, 27 August, 2008, 10:21 PM

An interesting article for the security minded. Hackers try to implant
a phalanx2 rootkit via stolen SSH keys on Linux infrastructure
systems. It can be detected by looking for a directory /etc/khubd.p2/:

http://www.us-cert.gov/current/#ssh_key_based_attacks

Not being paranoid, I did look in my /etc directory; nothing there, as
expected, but you never know.

Gordon

_______________________________________________
dundee GNU/Linux Users Group mailing list
dundee at lists.lug.org.uk  http://dundee.lug.org.uk
https://mailman.lug.org.uk/mailman/listinfo/dundee
Chat on IRC, #tlug on dundee.lug.org.uk
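
An added example (not part of the messages above or of the US-CERT note): a shell check for the /etc/khubd.p2 directory that looks the path up directly and compares the result with the directory listing, since the US-CERT note reported that the directory does not show in ls but can be entered with cd. The ROOT variable and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example: look a directory up by path and compare the result with
# what a directory listing reports. The parent path is a parameter so the
# check can run against a mounted disk image as well as the live system.

# list_names DIR: print the entry names in DIR, one per line (dotfiles too).
list_names() {
    ls -A "$1" 2>/dev/null
}

# check_dir PARENT NAME
# Prints one of: absent | visible | hidden
#   absent  - the directory cannot be entered by path
#   visible - it can be entered and the listing shows it
#   hidden  - it can be entered but the listing omits it
check_dir() {
    parent=$1
    name=$2
    # Subshell so the caller's working directory is not changed.
    if ! (cd "$parent/$name" 2>/dev/null); then
        echo absent
        return 0
    fi
    if list_names "$parent" | grep -Fxq -- "$name"; then
        echo visible
    else
        echo hidden
    fi
}

# Indicator path from the message above. ROOT is an assumption of this
# example: empty means the live system, otherwise an image mount point.
ROOT=${ROOT:-}
result=$(check_dir "$ROOT/etc" "khubd.p2")
case $result in
    absent)  echo "khubd.p2: not found under $ROOT/etc" ;;
    visible) echo "khubd.p2: PRESENT under $ROOT/etc" ;;
    hidden)  echo "khubd.p2: PRESENT and hidden from ls under $ROOT/etc" ;;
esac
```

Set ROOT to the mount point of a disk image to inspect a system offline; a check run on a live host depends on that host's kernel answering truthfully.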

