All the latest UK technology news, reviews and analysis

Stolen SSH keys used for attacks

by Shaun Nichols

More from this author

28 Aug 2008

Be the first to comment

  • Tweet this
Padlock
A new rootkit attack is attempting to steal SSH keys

Security experts are warning of a new series of Linux attacks that use stolen Secure Shell (SSH) keys.

The SSH protocol is used as a system for securely communicating between networked machines. The system was first designed as a replacement for the less-secure Telnet protocol.

Further reading

The attack is part of a malware rootkit known as Phalanx2. According to an advisory from the US Computer Emergency Response Team (US-CERT,) the rootkit is a derivation of an older piece of malware and stores itself in a directory known as " /etc/khubd.p2/" which can only be accessed through the "cd" command.

Once installed, the malware scours a user's computer for vulnerable SSH keys and then attempts to use the data to carry out attacks on any connected systems.

Researchers note that the attack does not attempt to steal or use stolen keys that require passwords, leaving administrators with a good method for protecting their systems.

"The biggest defence is to have any keys, especially those used to authenticate to remote machines and certainly internet facing ones, require a passphrase to use," advised Sans researcher John Bambenek.

"Check your logs, especially if you use SSH key-based auth, to identify accesses from remote machines that have no business accessing you."

Bambenek also recommends that users fully patch their systems to cover any vulnerabilities which could make the SSH keys easier to obtain.

Do you agree?

Add your comment
 

Add your comment

We won't publish your address
By submitting a comment you agree to abide by our Terms & Conditions. Your comment will be moderated before publication.
Submit your comment

Latest stories from Security

german flag

Germany backs away from ACTA

Related white papers

Related articles

Related jobs

Today's top stories

heartvalentinesday

Top 10 Valentine's Day technology matches made in heaven

Microsoft Windows 8 start screen

Microsoft talks up Windows 8 for ARM hardware

Security enhancements will be added with the Chrome 17 update

Chrome for Android hands on review

Poll

IT priorities for 2012

What is the most important IT priority for your company this year?

99%

0%

1%

0%

0%

Features

V3 and The INQUIRER editor Madeline Bennett

BBC and Sky News show tough love with Twitter policies

V3's Rosalie Marshall

World indulges in a Facebook facts fest as firm prepares to float

facebook-new

Top five most interesting figures from Facebook’s IPO

Khidr headshot

Intel will prove Steve Jobs wrong in the mobile market

More features

Connect with V3.co.uk

Sign up to our daily or weekly newsletters

Case studies and reports

Accurev

Top 5 software development challenges

This paper focuses on a series of best practices and techniques for development teams looking to improve their software development processes

Talend

Rubbish in, rubbish enterprise

Why good data management at all levels is essential in the modern business (video, 6mins)

Technology jobs

Online Marketing Manager. Retail Brand

Senior Online Marketing Manager, Retail Brand This...

Senior Digital Marketing Manager- West Midlands

Senior Digital Marketing Manager- FTSE 250 Company, West...

Superb Java Developer

Superb Java Developer Java, Spring, Hibernate, Database...

Flash Developer - MMO Social Gaming - London

Flash Developer - MMO Social Gaming - London Tech...

To send to more than one email address, simply separate each address with a comma.