Linux repository hit by malware attack

The Linux repository was rooted by a malware attack. While the breach goes under investigation, the websites for, Linux Foundation, and are down for maintenance.

A particularly ugly attack originating on drove the Linux Foundation and to close down its sites for maintenance. Here is part of the message posted on the Linux Foundation website:

Linux Foundation infrastructure including,, and their subdomains are down for maintenance due to a security breach that was discovered on September 8, 2011. The Linux Foundation made this decision in the interest of extreme caution and security best practices. We believe this breach was connected to the intrusion on

The Register reported on the intrusion on Aug. 31, stating that the infection went undetected for at least 17 days.

Multiple servers used to maintain and distribute the Linux operating system were infected with malware that gained root access, modified system software, and logged passwords and transactions of the people who used them, the official Linux Kernel Organization has confirmed.

According to security researchers who commented on the attack to The Register, the malware was a self-injecting rootkit, known as Phalanx, that first took hold on developer H. Peter Anvin's personal machine, then appeared on servers Hera and Odin1, where a "secure shell client used to remotely access servers was modified, and passwords and user interactions were logged during the compromise." is also down, but posted a note earlier that they are working on having all of its 448 users to change passwords and SSH keys. As far as the damage that was done, that is still being assessed, although some are offering reassurance. PC World quotes's message that "the potential damage of cracking is far less than typical software repositories" because the cryptographically secure SHA-1 hash that is used to define files would alert developers to any tampering.

What do you think -- do you trust that the Linux kernel will be safe and sound after the investigation is completed?