Anyone see this yet? I'd like to get hold of a copy. There seems to be
a new version.
"The US-CERT is reporting that there are active attacks against Linux
environments using stolen SSH keys. There is a new rootkit out,
Phalanx2, which is dropped by attackers and which, among the usual
rootkit tasks, steals any SSH key on a system. The attackers then,
presumably, use those stolen keys (the ones without
passwords/passphrases at least) to get into other machines." ...
Someone that got broken into. Oddly enough, on the machine now hosting
On Wed, 27 Aug 2008 07:42:09 -0400, jayjwa <email@example.com> wrote:
> Anyone see this yet? I'd like to get hold of a copy. There seems to be
> a new version.
A couple of months ago I encountered a machine infected by the
phalanx2 rootkit, which chkrootkit failed to detect. As a result, I
wrote my own /proc file system checker that phalanx2 was unable to
hide from. The script is available from
<http://www.jedsoft.org/slang/slsh.html>. It should be able to sniff
out similar rootkits.
# ./chkproc2.sl -q
WARNING: pid 2375 exists, but chdir /proc/2375 fails
WARNING: /proc/2375 needs gid=56564 for access
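
The kind of cross-check reported in the output above, as an added Python example; it is not the chkproc2.sl script or any code from this thread. The function names, the use of kill(pid, 0) as the existence probe and the Tgid filter for threads are assumptions made for this example.

```python
import errno
import os

def pid_exists(pid):
    """kill(pid, 0) delivers no signal; it only reports whether the ID is in use."""
    try:
        os.kill(pid, 0)
    except OSError as exc:
        return exc.errno == errno.EPERM  # EPERM: in use, owned by another user
    return True

def listed_pids(proc_root):
    return {int(name) for name in os.listdir(proc_root) if name.isdigit()}

def thread_group_id(path):
    """Tgid from <path>/status; it equals the PID only for a process, not a thread."""
    try:
        with open(os.path.join(path, "status")) as fh:
            return next((int(ln.split()[1]) for ln in fh if ln.startswith("Tgid:")), None)
    except OSError:
        return None

def find_hidden(pids, exists=pid_exists, proc_root="/proc"):
    """Return (pid, reason) for IDs that exist but are hidden in proc_root."""
    findings = []
    listed = listed_pids(proc_root)
    for pid in pids:
        if not exists(pid):
            continue
        path = os.path.join(proc_root, str(pid))
        try:
            os.stat(path)
        except OSError as exc:
            if exists(pid):  # re-check so a process that just exited is not reported
                name = errno.errorcode.get(exc.errno, str(exc.errno))
                findings.append((pid, f"exists, but {path} is unreachable ({name})"))
            continue
        # Threads are reachable but never listed, so only flag thread-group leaders.
        if pid not in listed and thread_group_id(path) == pid \
                and pid not in listed_pids(proc_root):
            findings.append((pid, f"{path} is reachable but missing from the listing"))
    return findings

if __name__ == "__main__":
    with open("/proc/sys/kernel/pid_max") as fh:
        for pid, reason in find_hidden(range(1, int(fh.read()) + 1)):
            print(f"WARNING: pid {pid} {reason}")
```

Run it as root: on a /proc mounted with hidepid, an unprivileged user cannot reach other users' entries and would see false warnings. A finding is a lead to investigate from trusted media, since a kernel-level rootkit can also tamper with the system calls this check relies on.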