Germany's CERT has issued a warning about Linux rootkits.
From Robert Penz:
The CERT of the Germany`s National Research and Education Network (DFN – Deutsches Forschungsnetz) warns about attacks on Linux servers, which hide with a root kit. This root kit hides directories and processes from the administrator. The attack is most likely carried out by stolen SSH keys.
Their experts found the directory /etc/khubd.p2/ on the compromised systems but this directory did not show up with ls -l /etc/. But it was possible to change into that directory. [From DFN CERT warns about Linux root kits | Robert Penz Blog]
Leave a comment