Linux systems actively targeted using SSH key attacks
By SearchSecurity.com Staff
27 Aug 2008 | SearchSecurity.com

The United States Computer Emergency Readiness Team (US-CERT) is warning Linux users that they are being actively targeted by attackers using stolen SSH keys.
Secure Shell keys lock down communication between two networked devices. They are often used for remote authentication.
Once a Linux system is compromised, the attacker gains access to the kernel and installs a new rootkit known as Phalanx2, US-CERT said in its advisory. Phalanx2 is configured to swipe additional SSH keys from the compromised system.
US-CERT is advising system administrators to examine systems where SSH keys are used, review access paths to internet-facing systems, and ensure that systems are fully patched.
John Bambenek, a vulnerability handler with the SANS Internet Storm Center, said the biggest defense is to use a passphrase with keys for remote authentication and Internet-facing machines.
"Sources of compromised keys could include the weak key vulnerability in Debian-based systems a few months ago, so if you haven't updated and replaced those keys, you ought to do so now," Bambenek said in the SANS Internet Storm Center Diary.
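
One way to act on the advice to examine systems where SSH keys are used and to protect keys with a passphrase, as an added example that is not from US-CERT, SANS or the original article: the Python below walks a directory tree and flags private key files stored without a passphrase. It goes beyond the PEM key format of 2008 by also recognising the newer OpenSSH key container; the function names and the constructed sample header are assumptions made for illustration.

```python
import base64
import os
import struct

OPENSSH_MAGIC = b"openssh-key-v1\0"

def key_is_passphrase_protected(text):
    """True/False for a private key file's text; None if it is not one."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if not lines or not (lines[0].startswith("-----BEGIN ")
                         and lines[0].endswith("PRIVATE KEY-----")):
        return None
    if lines[0] == "-----BEGIN ENCRYPTED PRIVATE KEY-----":
        return True                      # PKCS#8 encrypted container
    if lines[0] == "-----BEGIN OPENSSH PRIVATE KEY-----":
        try:
            blob = base64.b64decode("".join(lines[1:-1]))
        except ValueError:
            return None
        off = len(OPENSSH_MAGIC)
        if not blob.startswith(OPENSSH_MAGIC) or len(blob) < off + 4:
            return None
        (n,) = struct.unpack(">I", blob[off:off + 4])
        return blob[off + 4:off + 4 + n] != b"none"   # cipher name field
    # Legacy PEM (RSA/DSA/EC): encrypted keys carry a Proc-Type header.
    return any(ln.startswith("Proc-Type:") and "ENCRYPTED" in ln
               for ln in lines[1:3])

def find_unprotected_keys(root):
    """Walk root and return paths of private keys stored without a passphrase."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if not os.path.isfile(path):     # skip FIFOs, sockets, devices
                continue
            try:
                with open(path, "r", errors="replace") as fh:
                    text = fh.read(65536)
            except OSError:
                continue
            if key_is_passphrase_protected(text) is False:
                hits.append(path)
    return sorted(hits)

def sample_openssh(cipher):  # constructed header only, no key material
    blob = OPENSSH_MAGIC + struct.pack(">I", len(cipher)) + cipher
    return ("-----BEGIN OPENSSH PRIVATE KEY-----\n%s\n-----END OPENSSH PRIVATE KEY-----\n"
            % base64.b64encode(blob).decode())
```

Keys it reports can be given a passphrase in place with `ssh-keygen -p -f <keyfile>`; keys that may have been exposed on a compromised host should be replaced rather than re-protected.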