Subj : Linux maintainers were infected for 2 years by SSH-dwelling backdoor
To   : All
From : LWN.net
Date : Wed May 15 2024 19:30:06

Linux maintainers were infected for 2 years by SSH-dwelling backdoor
(ars technica)

Date:
Wed, 15 May 2024 18:15:01 +0000

Description:
Ars technica looks
at a a
recent report on the Ebury root kit, with a focus on the 2011 compromise of 
kernel.org , which may have
been more extensive than believed at the time. In 2014, ESET researchers said 
the 2011 attack likely infected
	kernel.org servers with a second piece of malware they called
	Ebury. The malware, the firm said, came in the form of a malicious
	code library that, when installed, created a backdoor in OpenSSH
	that provided the attackers with a remote root shell on infected
	hosts with no valid password required. In a little less than 22
	months, starting in August 2011, Ebury spread to 25,000
	servers. Besides the four belonging to the Linux Kernel
	Organization, the infection also touched one or more servers inside
	hosting facilities and an unnamed domain registrar and web hosting
	provider.

======================================================================
Link to news story:
https://lwn.net/Articles/973783/


--- Mystic BBS v1.12 A47 (Linux/64)
 * Origin: tqwNet UK HUB @ hub.uk.erb.pw (1337:1/100)

.