Linux/SSHDoor.A Backdoored SSH daemon that steals passwords

Discussion in 'all things UNIX' started by ComputerSaysNo, Feb 5, 2013.

Thread Status:
Not open for further replies.
  1. ComputerSaysNo

    ComputerSaysNo Registered Member

    Joined: Aug 9, 2012
    Posts: 1,414

    http://blog.eset.com/2013/01/24/linux-sshdoor-a-backdoored-ssh-daemon-that-steals-passwords
     
  2. Interesting, thanks.

    Re what they say about integrity checkers. This clearly requires root access to install; wouldn't that make any IDS a good deal less reliable?

    Edit: Oh yeah... Good on ESET for not recommending a real-time AV on a server. Geeze.
     
  3. NGRhodes

    NGRhodes Registered Member

    Joined: Jun 23, 2003
    Posts: 2,331
    Location: West Yorkshire, UK
    I doubt the author is the one who did the investigation and decompiling for the article:

    "it is hard to tell how this Trojanized SSH daemon made its way on a compromised server"

    The page that is cited as source explains in detail.

    Cheers, Nick
     