[UCI-Linux] sshd rootkit in the wild
iglesias at uci.edu
Fri Feb 22 09:09:40 PST 2013
SANS is reporting that there's a sshd rootkit in the wild that looks pretty
nasty. If you're running a system with sshd (especially if it's open at the
border), you'll want to make sure your system has not been affected.
Unfortunately at this time there's no information on the initial attack
vector, so looking for a modified libkeyutils library is the only way to tell
if you've been compromised. Note that this is mainly hitting RPM-based Linux
distributions, but you should check your system anyway.
More information here:
Mike Iglesias Email: iglesias at uci.edu
University of California, Irvine phone: 949-824-6926
Office of Information Technology FAX: 949-824-2270
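
One way to carry out the libkeyutils check mentioned in the message on an RPM-based system, as an added example that is not part of the original post: it flags any libkeyutils shared object that no installed package owns, or whose size or digest differs from the RPM database. `rpm -qf` and `rpm -Vf` are standard rpm options; the function names and the `QUERY_OWNER`/`VERIFY_FILE` hooks are assumptions of this example.

```shell
#!/bin/sh
# Added example: check every libkeyutils shared object against the RPM database.
# QUERY_OWNER and VERIFY_FILE are hypothetical hooks (not rpm features) that let
# the classification logic be exercised on a machine without rpm.
QUERY_OWNER=${QUERY_OWNER:-rpm_owner}
VERIFY_FILE=${VERIFY_FILE:-rpm_verify}

rpm_owner()  { rpm -qf "$1" >/dev/null 2>&1; }  # non-zero exit: no package owns the file
rpm_verify() { rpm -Vf "$1" 2>/dev/null; }      # one line per package file that differs

# classify_lib PATH -> prints OK, UNOWNED or MODIFIED
classify_lib() {
    # Follow symlinks so a link redirected to a foreign file is judged by its target.
    cl_real=$(readlink -f -- "$1") || cl_real=$1
    if ! "$QUERY_OWNER" "$cl_real" >/dev/null; then
        echo UNOWNED
        return 0
    fi
    # In rpm -V output, 'S' in column 1 = size differs, '5' in column 3 = digest differs.
    cl_hit=$("$VERIFY_FILE" "$cl_real" |
        awk -v p="$cl_real" '$NF == p && ($1 ~ /^S/ || substr($1, 3, 1) == "5")')
    if [ -n "$cl_hit" ]; then echo MODIFIED; else echo OK; fi
}

# audit_dirs DIR... -> prints "STATUS path" per library; returns 1 if any is not OK
audit_dirs() {
    ad_rc=0
    for ad_dir in "$@"; do
        for ad_lib in "$ad_dir"/libkeyutils.so*; do
            [ -e "$ad_lib" ] || continue
            ad_status=$(classify_lib "$ad_lib")
            echo "$ad_status $ad_lib"
            [ "$ad_status" = OK ] || ad_rc=1
        done
    done
    return "$ad_rc"
}

# Typical use: sh check_keyutils.sh /lib /lib64 /usr/lib /usr/lib64
if [ "$#" -gt 0 ]; then audit_dirs "$@"; fi
```

The rpm binary and its database live on the host being checked, so an OK result is only as trustworthy as they are; where possible run the check from known-good media or compare against a package downloaded on a clean machine.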