SSH Keys Harvested To Launch Linux Attacks

Security professionals at SANS are warning users about a new surge of Linux attacks that employ stolen SSH (Secure Shell) keys. According to them, the attack is associated with a malicious rootkit called Phalanx2.

SSH is a protocol for secure communication between networked systems. It was initially used as a substitute for the less secure Telnet protocol.

Explaining the rootkit attack, a security advisory from US-CERT (US Computer Emergency Response Team) stated that the malicious rootkit has been derived from an older malware sample, and that it stores itself in a directory named "/etc/khubd.p2/" that can be accessed only through the "cd" command. Providing details on the rootkit installation, SANS researchers stated that as soon as it is loaded on a victim's computer, the rootkit searches for weak SSH keys and subsequently attempts to use the data to carry out more attacks on other connected computers.

However, security researchers and analysts said that the attacks make no attempt to capture or use stolen SSH keys that work with passwords, leaving administrators to find a proper method for defending their systems.

According to John Bambenek, a researcher at SANS, the best defense is to use keys that require a passphrase, such as a series of words or other text, which controls access to the computer along with the applications and data on the system. This applies to keys that might be used to authenticate to remote systems, and certainly to those facing the Internet, as reported by vnunet on August 28, 2008.

Further, as a precaution to safeguard their own security, Bambenek advises users to examine their logs, particularly if they employ SSH key-based authentication, to detect unauthorized access from remote machines.
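The log review Bambenek recommends can be scripted. The following is an added example, not part of the original article or the SANS/US-CERT advisories: it scans sshd log lines for successful key-based logins and reports those whose source address falls outside the networks an administrator expects. The network list, the function names and the sample log lines are constructed assumptions.

```python
import ipaddress
import re

# Assumption: networks from which key-based logins are expected (constructed values).
EXPECTED_NETWORKS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.0.2.0/24")]

# Matches the usual OpenSSH syslog message for a successful public-key login.
ACCEPTED_KEY = re.compile(
    r"sshd\[\d+\]: Accepted publickey for (?P<user>\S+) "
    r"from (?P<ip>\S+) port (?P<port>\d+)"
)

# Constructed sample log lines (documentation address ranges only).
SAMPLE_LOG = """\
Aug 28 02:11:07 web1 sshd[4121]: Accepted publickey for deploy from 10.2.3.4 port 40112 ssh2
Aug 28 02:14:55 web1 sshd[4160]: Failed password for invalid user test from 198.51.100.23 port 51920 ssh2
Aug 28 03:40:19 web1 sshd[4302]: Accepted publickey for root from 203.0.113.77 port 33871 ssh2
Aug 28 03:41:02 web1 sshd[4310]: Accepted password for alice from 192.0.2.15 port 50022 ssh2
Aug 28 04:05:44 web1 sshd[4377]: Accepted publickey for deploy from 203.0.113.77 port 33902 ssh2
Aug 28 04:09:13 web1 sshd[4391]: Accepted publickey for backup from 2001:db8::5 port 41000 ssh2
"""


def is_expected(ip_text):
    """True if the source address lies inside one of EXPECTED_NETWORKS."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False  # hostname or malformed address: report it for manual review
    return any(ip.version == net.version and ip in net for net in EXPECTED_NETWORKS)


def unexpected_key_logins(log_text):
    """Return {source_ip: sorted users} for key logins from unexpected sources."""
    hits = {}
    for line in log_text.splitlines():
        m = ACCEPTED_KEY.search(line)
        if m and not is_expected(m["ip"]):
            hits.setdefault(m["ip"], set()).add(m["user"])
    return {ip: sorted(users) for ip, users in hits.items()}


if __name__ == "__main__":
    for ip, users in unexpected_key_logins(SAMPLE_LOG).items():
        print(f"{ip}: key-based login as {', '.join(users)}")
```

A single unexpected source logging in with keys for several accounts, as 203.0.113.77 does in the sample, is the pattern to look at first.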
It is further recommended that computer users properly patch their computers to address any security flaw that could allow hijackers to obtain the SSH keys more easily, leaving the systems overrun with malicious programs.

» SPAMfighter News - 05-09-2008









