![<br><br><b>Linux under attack: Compromised SSH keys lead to rootkit</b><br><br> <br><br><b>Linux under attack: Compromised SSH keys lead to rootkit</b><br><br>](https://www.internetmonitor.lu/photo/art/default/1021060-1282416.jpg?v=1289420296)
The attack appears to initially use stolen SSH keys to gain access to a system, and then uses local kernel exploits to gain root access. Once root access has been obtained, a rootkit known as “phalanx2″ is installed, US-CERT said in a note on its current activity site.
Source and whole article: ZDNET (EN)