The U.S. Computer Emergency Readiness Team (CERT) has issued a warning for what it calls “active attacks” against Linux-based computing infrastructures using compromised SSH keys.

The attack appears to initially use stolen SSH keys to gain access to a system, and then uses local kernel exploits to gain root access. Once root access has been obtained, a rootkit known as “phalanx2″ is installed, US-CERT said in a note on its current activity site.

Read the full article here

Bookmark to:

This entry was posted on Thursday, August 28th, 2008 at 16:05 and is filed under Linux, SSH.You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.