brute force ssh attack
Nigel Wade
nmw at ion.le.ac.uk
Fri Apr 29 14:01:44 UTC 2005
Matthew Miller wrote:
> On Fri, Apr 29, 2005 at 02:08:15PM +0100, Nigel Wade wrote:
>
>>>>It was completely manual, the virus didn't install itself. It was
>>>>injected by someone breaking in via ssh and then manually downloading an
>>>>infected file. It's not like an STD, it's like a virus which can only be
>>>>spread by direct injection.
>>>
>>>That's the difference between a virus and a worm. It *does* have a
>>>mechanism to spread between files on a machine, but doesn't have one to
>>>go between machines without piggybacking on something else. (Which it
>>>did.)
>>
>>For a virus to be viable it has to be able to infect files in such a way
>>that those infected files are likely to spread the virus. This one doesn't.
>>It needs to be spread manually, hence my threat rating of ~0.
>
>
> You're using the word "manually" in a strange way, and differently from the
> way you did in the paragraph above. In this case, it didn't spread manually
> (in the normal sense of the word) from the infected mech binary to the
> binaries in /bin -- it did that on its own when it got a chance.
>
I'm not using it differently. In both cases I am considering spreading from
one system to another. This was done manually.
To infect the /bin binaries it required a user with root privilege to do so.
Most Windows viruses would have very limited threat capability if users
would stop running them with administrator rights.
--
Nigel Wade, System Administrator, Space Plasma Physics Group,
University of Leicester, Leicester, LE1 7RH, UK
E-mail : nmw at ion.le.ac.uk
Phone : +44 (0)116 2523548, Fax : +44 (0)116 2523555