Linux maintainers were infected for 2 years by SSH-dwelling backdoor with huge reach
Ebury backdoors SSH servers in hosting providers, giving the malware extraordinary reach.
#Infrastructure used to maintain and distribute the Linux operating system kernel was #infected for two years, starting in 2009, by sophisticated #malware that managed to get a hold of one of the developers’ most closely guarded resources: the /etc/shadow files that stored encrypted password data for more than 550 system users, researchers said Tuesday.
The unknown attackers behind the #compromise infected at least four #servers inside kernel.org, the Internet domain underpinning the sprawling Linux development and distribution network, the researchers from security firm #ESET said. After obtaining the cryptographic hashes for 551 user accounts on the network, the #attackers were able to convert half into plaintext passwords, likely through password-cracking techniques and the use of an advanced #credential-stealing feature built into the malware. From there, the attackers used the servers to send spam and carry out other nefarious activities. The four servers were likely infected and disinfected at different times, with the last two being remediated at some point in 2011.