Security researchers have discovered a Linux backdoor that uses a covert communication protocol to disguise its presence on compromised systems.
The malware was used in an attack on a large (unnamed) hosting provider back in May. It cleverly attempted to avoid setting off any alarm bells by injecting its own communications into legitimate traffic, specifically SSH chatter. SSH is a protocol commonly used to access shell accounts on Unix-like operating systems, a continuous activity for remote administration of websites.