Educause Security Discussion mailing list archives
DFN-CERT warning about Linux Root Kits
From: Dennis Tracz <dntracz () UCALGARY CA>
Date: Thu, 14 Aug 2008 15:03:08 -0600
Hello All,Just wanted to draw your attention to this, As you may know the CERT for Germany`s National Research and Education Network (DFN – Deutsches Forschungsnetz) is warning about root kit attacks on Linux servers, This root kit hides directories and processes from the administrator. The attack is most likely carried out by stolen SSH keys.
All Linux based workstations, should be examined for the rootkit (located in a hidden directory "/etc/khubd.p2/") used to collect information.
-- Dennis N. Tracz CISSP-ISSMP,CISM,CGEIT Information Security Officer University of Calgary (403) 220-4010
Attachment:
dntracz.vcf
Description:
Current thread:
- DFN-CERT warning about Linux Root Kits Dennis Tracz (Aug 14)