brute force ssh attack

William Hooper whooperhsd3 at earthlink.net
Thu Apr 28 00:52:43 UTC 2005


Jeff Vian wrote:
[snip]
>> It has no escalation mechanism, so can only infect ELF files to which
>> the user infected has write permission.
>>
>> Threat ~0.
>>
>>
>>
>
> not true. it also infects files in /bin as stated by symantic and as
> stated by Daniel.  Thus it has some method of getting root privileges.

Inexperienced sysadmins.

Daniel Kirsten wrote:
"Yesterday, I examined the directory ~daikanyama/.undernet and probably I
executed mech as root. The file mech is indeed infected by Linux/Rst-B.
This explains everything......."

-- 
William Hooper




More information about the users mailing list