Linux security threat - Linux ssh backdoor daemon

I found this article an interesting read: Linux/SSHDoor.A Backdoored SSH daemon that steals passwords | ESET ThreatBlog

It's a blog about a trojanized version of the Linux SSH daemon that is found in the wild (i.e. out there now, being used in place of the nominal SSH daemon/server on compromised GNU/Linux systems). From what I read, in this case the binary not only lets the attacker log onto the server if he has a hardcoded password; the attacker is also granted access if he/she has the right SSH key. The backdoor also logs all usernames and passwords to exfiltrate them to a server hosted in Iceland.

What is not clear is how this trojan is spread … as the blog notes this:

I use SSH on a weekly basis, as I often pipe VNC through SSH to help my mother in Canada with her PC (I live in Europe).
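One check a reader of this thread would want to run, added here as an example (not code from the ESET post or from anyone on the list): on an rpm-based system such as openSUSE, `rpm -V openssh` reports installed files that no longer match the package database, and the script below parses that output so a replaced `/usr/sbin/sshd` stands out from a locally edited `sshd_config`. The sample output is constructed and the `rpm -V` line format is an assumption documented in the comments.

```python
import re
import subprocess

# rpm -V prints one line per deviating file: an attribute string (S size,
# M mode, 5 digest, D device, L link, U user, G group, T mtime, P caps;
# '.' = ok, '?' = untestable), an optional file-type letter (c config,
# d doc, g ghost, l license, r readme) and the path. Absent files are
# reported as "missing". Assumed format of rpm -V (example code).
_LINE = re.compile(r"^(?P<attrs>[SM5DLUGTP.?]{8,9})\s+(?:(?P<ftype>[cdglr])\s+)?(?P<path>\S+)$")
_MISSING = re.compile(r"^missing\s+(?:(?P<ftype>[cdglr])\s+)?(?P<path>\S+)$")
# Attribute changes that matter for a binary: size, digest, mode, owner, group.
CONTENT_FLAGS = set("S5MUG")

def parse_rpm_verify(output):
    """Return (path, attrs, ftype) for every file rpm -V reported."""
    findings = []
    for line in output.splitlines():
        line = line.rstrip()
        m = _MISSING.match(line)
        if m:
            findings.append((m.group("path"), "missing", m.group("ftype")))
            continue
        m = _LINE.match(line)
        if m:
            findings.append((m.group("path"), m.group("attrs"), m.group("ftype")))
    return findings

def suspicious_files(output):
    """Non-config files whose content changed or that are missing: a changed
    /etc/ssh/sshd_config is normal, a changed /usr/sbin/sshd is not."""
    bad = []
    for path, attrs, ftype in parse_rpm_verify(output):
        if ftype == "c":
            continue  # local config edits are expected
        if attrs == "missing" or CONTENT_FLAGS & set(attrs):
            bad.append(path)
    return bad

def verify_package(name="openssh"):
    """Run rpm -V on a live system; rpm exits non-zero whenever a file
    deviates, so only stdout is used."""
    proc = subprocess.run(["rpm", "-V", name], capture_output=True, text=True)
    return suspicious_files(proc.stdout)

# Constructed sample of rpm -V output (not from a real system).
SAMPLE = "S.5....T.    /usr/sbin/sshd\nS.5....T.  c /etc/ssh/sshd_config\n.......T.    /usr/bin/ssh\nmissing      /usr/lib/ssh/ssh-keysign\n"

if __name__ == "__main__":
    for path in suspicious_files(SAMPLE):
        print("check:", path)
```

Note that `rpm -V` trusts the local rpm database, which an intruder with root can also edit; comparing against a freshly downloaded, signature-verified package (`rpm -Vp`) or a file-integrity baseline taken before the incident is the stronger check.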

On 01/26/2013 01:16 PM, oldcpu wrote:

>> but outdated applications or weak passwords are probably to blame

Another great reason to use only strong, supported and security-patched
software from known and trusted sites…

The bad guys are out there and they love to control Linux boxes with
lax security and/or outdated software.


dd

On 2013-01-26 14:25, dd wrote:
> On 01/26/2013 01:16 PM, oldcpu wrote:
>
>>> but outdated applications or weak passwords are probably to blame
>
> another great reason to use only strong and supported and security
> patched software from known and trusted sites…

Another great reason to have a reliable GPG trust chain, and good
practices, at the openSUSE organization.


Cheers / Saludos,

Carlos E. R.
(from 12.1 x86_64 “Asparagus” at Telcontar)