Linux maintainers were infected for 2 years by SSH-dwelling backdoor (Ars Technica)
Ars Technica looks at a recent report on the Ebury rootkit, with a focus on the 2011 compromise of kernel.org, which may have been more extensive than believed at the time.
In 2014, ESET researchers said the 2011 attack likely infected kernel.org servers with a second piece of malware they called Ebury. The malware, the firm said, came in the form of a malicious code library that, when installed, created a backdoor in OpenSSH that provided the attackers with a remote root shell on infected hosts with no valid password required. In a little less than 22 months, starting in August 2011, Ebury spread to 25,000 servers. Besides the four belonging to the Linux Kernel Organization, the infection also touched one or more servers inside hosting facilities and an unnamed domain registrar and web hosting provider.