brute force ssh attack
Nigel Wade
nmw at ion.le.ac.uk
Thu Apr 28 08:41:17 UTC 2005
Matthew Miller wrote:
> On Wed, Apr 27, 2005 at 05:21:45PM +0100, Nigel Wade wrote:
>
>>>Looks like it spread to root from a user account in this case. Threat is
>>>obviously somewhat greater than 0. Caution and good practices are still
>>>required.
>>
>>There's no evidence that the virus escalated its own privilege. More likely
>>that a root process executed an infected binary.
>
>
> I agree -- and that's exactly why this shouldn't be dismissed as "0 threat".
>
I didn't say 0, I said ~0. You also shouldn't overstate the threat and
create FUD where none is justified.
For a virus to be viable it has to be communicable. In this instance the
virus required manual "injection". Hence the 0-49 infections in 3 years, and
the virtually zero threat.
--
Nigel Wade, System Administrator, Space Plasma Physics Group,
University of Leicester, Leicester, LE1 7RH, UK
E-mail : nmw at ion.le.ac.uk
Phone : +44 (0)116 2523548, Fax : +44 (0)116 2523555