Some Linux users are getting a feel for what it's like to be one of the Windows faithful, as the open source community looks to be under siege. The U.S. Computer Emergency Readiness Team (CERT) has issued a warning for "active attacks" against Linux-based infrastructures using compromised SSH keys.
Specifics remain scarce, but the attacks appear to use stolen SSH keys to gain access to a system, after which the attacker uses local kernel exploits to gain root access and install a rootkit called phalanx2.
"Phalanx2 appears to be a derivative of an older rootkit named 'phalanx'. Phalanx2 and the support scripts within the rootkit, are configured to systematically steal SSH keys from the compromised system. These SSH keys are sent to the attackers, who then use them to try to compromise other sites and other systems of interest at the attacked site."
The US-CERT has outlined ways Linux users can reduce the risk of attack, as well as what steps should be taken if a compromise is already confirmed.