Hello all,

For those that didn't pick this up already, US-CERT reported 
yesterday:
"US-CERT is aware of active attacks against linux-based computing 
infrastructures using compromised SSH keys. The attack appears to 
initially use stolen SSH keys to gain access to a system, and then 
uses local kernel exploits to gain root access. Once root access 
has been obtained, a rootkit known as "phalanx2" is installed." 
Full text is at
http://www.us-cert.gov/current/archive/2008/08/26/archive.html#ssh_key_based_attacks


We added Phalanx to Rootkit Hunter (RKH) back in 2006; RKH has done 
/dev/shm checks for some time now and utilises 'unhide' where 
possible for hidden process checks. Today RKH CVS sees Phalanx2 
added Rootkit files and directories, cd'ing into directories and 
Inode tests. Please see the updated RKH CVS tarball at 
http://rkhunter.sourceforge.net/rkhunter-CVS.tar.gz


Regards, the RKH dev team
_______________________________________________
Rkhunter-users mailing list
Rkhunter-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rkhunter-users