Government Gurus Warn of Stolen SSH Rootkit Attacks
on August 27, 2008
The United States Computer Emergency Readiness Team (US-CERT) is warning users who run Linux systems and use SSH for system access that a new round of rootkit attacks is underway. According to reports, the attackers use stolen SSH keys to gain access to a system, then use kernel exploits to gain root access and deploy the phalanx2 rootkit. Once installed, the rootkit steals SSH keys from the system, which may then be used to further the attacks.
US-CERT has provided instructions for detecting and mitigating the attacks, as well as advice for those who determine their systems have been compromised.