Linux maintainers were infected for 2 years by SSH-dwelling backdoor
(ars technica)
Date:
Wed, 15 May 2024 18:15:01 +0000
Description:
Ars technica looks
at a a
recent report on the Ebury root kit, with a focus on the 2011 compromise of kernel.org , which may have
been more extensive than believed at the time. In 2014, ESET researchers said the 2011 attack likely infected
kernel.org servers with a second piece of malware they called
Ebury. The malware, the firm said, came in the form of a malicious
code library that, when installed, created a backdoor in OpenSSH
that provided the attackers with a remote root shell on infected
hosts with no valid password required. In a little less than 22
months, starting in August 2011, Ebury spread to 25,000
servers. Besides the four belonging to the Linux Kernel
Organization, the infection also touched one or more servers inside
hosting facilities and an unnamed domain registrar and web hosting
provider.
======================================================================
Link to news story:
https://lwn.net/Articles/973783/
--- Mystic BBS v1.12 A47 (Linux/64)
* Origin: tqwNet UK HUB @ hub.uk.erb.pw (1337:1/100)