brute force ssh attack

Nigel Wade nmw at ion.le.ac.uk
Thu Apr 28 08:41:17 UTC 2005


Matthew Miller wrote:
> On Wed, Apr 27, 2005 at 05:21:45PM +0100, Nigel Wade wrote:
> 
>>>Looks like it spread to root from a user account in this case. Threat is
>>>obviously somewhat greater than 0. Caution and good practices are still
>>>required.
>>
>>There's no evidence that the virus escalated its own privilege. More likely 
>>that a root process executed an infected binary.
> 
> 
> I agree -- and that's exactly why this shouldn't be dismissed as "0 threat".
> 

I didn't say 0, I said ~0. You also shouldn't overstate the threat and 
create FUD where none is justified.

For a virus to be viable it has to be communicable. In this instance the 
virus required manual "injection". Hence the 0-49 infections in 3 years, and 
the virtually zero threat.

-- 
Nigel Wade, System Administrator, Space Plasma Physics Group,
             University of Leicester, Leicester, LE1 7RH, UK
E-mail :    nmw at ion.le.ac.uk
Phone :     +44 (0)116 2523548, Fax : +44 (0)116 2523555



