Friday, November 15, 2013

Linux backdoor "Fokirtor" injects code into SSH traffic.

As this article from The Register shows, a newly discovered backdoor is being used in the wild.
"The attackers understood the target environment was generally well-protected. In particular, the attackers needed a means to avoid suspicious network traffic or installed files, which may have triggered a security review. Demonstrating sophistication, the attackers devised their own stealthy Linux backdoor to camouflage itself within the Secure Shell (SSH) and other server processes.
This backdoor allowed an attacker to perform the usual functionality — such as executing remote commands — however, the backdoor did not open a network socket or attempt to connect to a command-and-control server (C&C). Rather, the backdoor code was injected into the SSH process to monitor network traffic and look for the following sequence of characters: colon, exclamation mark, semi-colon, period (“:!;.”).
After seeing this pattern, the back door would parse the rest of the traffic and then extract commands which had been encrypted with Blowfish and Base64 encoded."
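The detection angle that follows from the description above, as an added example that is not part of this post or of the quoted report: a small Python scanner that checks captured SSH-session payloads for the ":!;." trigger sequence and a Base64-looking blob right behind it. The sample payloads are constructed, and the minimum blob length and the Blowfish block-alignment heuristic are assumptions of this example, not details from the report.

```python
import base64
import re

# Trigger sequence the quoted report attributes to Fokirtor.
FOKIRTOR_MARKER = b":!;."

# Run of Base64 alphabet characters. The 16-character minimum is an assumption
# of this example, chosen to ignore short accidental matches.
_B64_RUN = re.compile(rb"[A-Za-z0-9+/]{16,}={0,2}")

# Constructed sample payloads (not real captures): a benign SSH banner, a benign
# line that almost contains the marker, and a simulated trigger followed by a
# Base64 blob standing in for Blowfish ciphertext.
SAMPLE_PAYLOADS = {
    "benign-banner": b"SSH-2.0-OpenSSH_6.2\r\n",
    "benign-text": b"look :!; nothing here",
    "suspicious": b"\x00\x10garbage:!;." + base64.b64encode(b"\x00" * 24) + b"\n",
}


def scan_payload(payload: bytes) -> list:
    """Return one finding per marker occurrence in a single payload.

    A finding records the marker offset, whether a valid Base64 blob follows,
    the decoded (ciphertext) length, and whether that length is a multiple of
    Blowfish's 8-byte block size. No decryption is attempted: a network sensor
    does not hold the Blowfish key.
    """
    findings = []
    start = 0
    while (idx := payload.find(FOKIRTOR_MARKER, start)) >= 0:
        tail = payload[idx + len(FOKIRTOR_MARKER):]
        match = _B64_RUN.match(tail)
        decoded_len = None
        if match:
            try:
                decoded_len = len(base64.b64decode(match.group(0), validate=True))
            except ValueError:  # binascii.Error is a ValueError subclass
                decoded_len = None
        findings.append({
            "offset": idx,
            "has_base64": decoded_len is not None,
            "ciphertext_len": decoded_len,
            "block_aligned": decoded_len is not None and decoded_len % 8 == 0,
        })
        start = idx + len(FOKIRTOR_MARKER)
    return findings


def flag_suspicious(payloads: dict) -> list:
    """Labels of payloads where the marker is followed by a valid Base64 blob."""
    return sorted(label for label, data in payloads.items()
                  if any(f["has_base64"] for f in scan_payload(data)))
```

Only the marker plus a following blob is flagged, so a bare ":!;." in ordinary text produces a finding with has_base64 set to False rather than an alert.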