HardOCP News
[H] News
- Joined
- Dec 31, 1969
- Messages
- 0
According to InformationWeek, Linux PCs are being attacked by a technique that uses stolen SSH keys to gain access to computers then, using a local kernel exploit, a rootkit is installed in order to steal other SSH keys and send them back to the attacker.
"Phalanx is a self-injecting kernel rootkit designed for the Linux 2.6 branch that does not use the now-disabled /dev/kmem device," explains computer security group Packet Storm on its Web site. "Features include file hiding, process hiding, socket hiding, a tty sniffer, a tty connectback-backdoor, and auto injection on boot."