It's a blog about a trojanized version of the Linux ssh daemon that is found in the wild (i.e. out there now being used in place of nominal ssh daemon/servers on compromised GNU/Linux systems). From what I read, in this case, the binary not only lets the attacker log onto the server if he has a hardcoded password, the attacker is also granted access if he/she has the right SSH key. The backdoor also logs all usernames and passwords to exfiltrate them to a server hosted in Iceland.
What is not clear is how this trojan is spread … as the blog notes this:
I use ssh on a weekly basis, as I often pipe vnc through ssh to help my mother in Canada with her PC (I live in Europe).
On 2013-01-26 14:25, dd wrote:
> On 01/26/2013 01:16 PM, oldcpu wrote:
>
>>> but outdated applications or weak passwords are probably to blame
>
> another great reason to use only strong and supported and security
> patched software from known and trusted sites…
Another great reason to have a reliable GPG trust chain, and good
practices, at the openSUSE organization.
--
Cheers / Saludos,
Carlos E. R.
(from 12.1 x86_64 “Asparagus” at Telcontar)