brute force ssh attack
William Hooper
whooperhsd3 at earthlink.net
Thu Apr 28 00:52:43 UTC 2005
Jeff Vian wrote:
[snip]
>> It has no escalation mechanism, so can only infect ELF files to which
>> the user infected has write permission.
>>
>> Threat ~0.
>>
>>
>>
>
> not true. it also infects files in /bin as stated by symantic and as
> stated by Daniel. Thus it has some method of getting root privileges.
Inexperienced sysadmins.
Daniel Kirsten wrote:
"Yesterday, I examined the directory ~daikanyama/.undernet and probably I
executed mech as root. The file mech is indeed infected by Linux/Rst-B.
This explains everything......."
--
William Hooper
More information about the users
mailing list