August 27, 2008

SSH Key-based Attacks

US-CERT is aware of active attacks against linux-based computing infrastructures using compromised SSH keys. The attack appears to initially use stolen SSH keys to gain access to a system, and then uses local kernel exploits to gain root access. Once root access has been obtained, a rootkit known as "phalanx2" is installed.

Link: us-cert.gov

Category:

  • Security
Click Here!