Re: ssh worms FAQ
From: Dale Richards (dalerichards800_at_msn.com)
Date: 09/16/04
Date: Thu, 16 Sep 2004 21:52:15 GMT
Innocenti Maresin wrote:
> Hello!
>
> There are many ssh worms on the Internet since this summer.
> These worms often try to access
> "test", "guest", "admin", "user" and "root" accounts.
> See details in
> http://seclists.org/lists/fulldisclosure/2004/Jul/1243.html

Interesting. I've seen these access attempts in my logs but never thought
too much of it.

Out of curiosity, I downloaded the file mentioned in that article
(http://frauder.us/linux/ssh.tgz). As soon as I did, my antivirus software
started complaining about "Linux.RST.B", "Hacktool.Slice" and
"Hacktool.Rootkit".

Does anyone know whether this worm is just trying default passwords or if it
is using an SSH server vulnerability? It can't be brute forcing because I
only see one or two access attempts per attack in my logs...