Monday, February 4, 2013

Trojanized SSH Server found on Compromised Systems

Researchers at ESET have found a trojanized SSH server. How it got there in the first place is not clear, but the usual suspects are pointed to: outdated software or modules, faulty Apache configuration ...

This evil daemon has a few features: it ships every connecting username/password pair to the mother base, it has a built-in password that grants access to the compromised server regardless of password changes, and it even has a built-in SSH key that provides the same access.

The ESET AV detects it as Linux/SSHDoor.A.