Trojanized SSH Daemon In the Wild, Sending Passwords To Iceland
An anonymous reader writes "It is no secret that SSH binaries can be backdoored. It is nonetheless interesting to see analysis of real cases where a trojanized version of the daemon is found in the wild. In this case, the binary not only lets the attacker log onto the server if he has a hardcoded password, the attacker is also granted access if he/she has the right SSH key. The backdoor also logs all usernames and passwords to exfiltrate them to a server hosted in Iceland."
SSH Got Bjorked? (Score:5, Funny)
Re:SSH Got Bjorked? (Score:5, Funny)
Re:Tip (Score:5, Funny)
If there is one thing I truly dislike, it's getting backdoored.
Re:Tip (Score:5, Funny)
This is, of course, assuming that you yourself are not running on another compromised virtual machine.
(There was one hack I was involved in where an investigator tried to get clever and started calculating MD5 checksums with a universal Turing machine operated using pencil and paper. Fortunately, I'd already trojaned base logic itself and managed to subvert alphanumeric characters to return the 'correct' values. Hacking the logical representations of Arabic numerals? Now that's pretty advanced stuff. But then, there's always the worry that my own consciousness is running on something other than what I think is my own brain...)
Re: SSH Got Bjorked? (Score:2, Funny)
Warner Bros. Records.
Re:If it weren't for the mention of Iceland (Score:4, Funny)
Maybe it was an Open Source client, and they had to give you the source code to comply? :-)
Re:Gather passwords with ssh? Hah! (Score:3, Funny)
So you don't password-protect your private key?
They should have installed a Java version of SSH (Score:1, Funny)
If they installed a Java version of SSH, it would be ultra secure, but you need 750meg of RAM for each SSH session.
Go Oracle, Larry is elite.