Posted in Industry News on 19/02/2013 @ 18:59
We are currently aware of a new SSH Rootkit as per the following link:
The source of this exploit is currently unknown, but it appears to be related to the LAMP stack on CentOS / CloudLinux only (at present). We have come up with a script to assist, available at http://status.racksrv.com/ssh_rootchk.sh, which checks for the rootkit and blocks the only known IP in use with this exploit.
We will ensure that this script is updated as this matter progresses, and we will keep you informed accordingly. Clients using CentOS / CloudLinux who come across this exploit, please contact support immediately.
Update @ 17:46 on 21/02/13 by Jon
According to http://secunia.com/advisories/52312/ Red Hat has issued an update for openssh, so keep your eyes peeled for an updated package via the official repos!
There are indications that this could potentially be a local exploit. Please ensure you scan your desktops / workstations for malware and such. We will continue to update this matter as it progresses.