Linux maintainers were infected for 2 years by SSH-dwelling backdoor (ars technica)
May 15, 2024 at 18:15
Ars technica looks at a recent report on the Ebury root kit, with a focus on the 2011 compromise of kernel.org, which may have been more extensive than believed at the time.
In 2014, ESET researchers said the 2011 attack likely infected kernel.org servers with a second piece of malware they called Ebury. The malware, the firm said, came in the form of a malicious code library that, when installed, created a backdoor in OpenSSH that provided the attackers with a remote root shell on infected hosts with no valid password required. In a little less than 22 months, starting in August 2011, Ebury spread to 25,000 servers. Besides the four belonging to the Linux Kernel Organization, the infection also touched one or more servers inside hosting facilities and an unnamed domain registrar and web hosting provider.