Re: brute force ssh attack

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Matthew Miller wrote:
On Wed, Apr 27, 2005 at 03:50:57PM +0100, Nigel Wade wrote:

Number of infections 0-49, number of sites 0-2 - over 3 years.
Wow, it's speading like wildfire... help, help!
It has no escalation mechanism, so can only infect ELF files to which the user infected has write permission.
Threat ~0.


Looks like it spread to root from a user account in this case. Threat is
obviously somewhat greater than 0. Caution and good practices are still
required.


There's no evidence that the virus escalated its own privilege. More likely that a root process executed an infected binary.


Moral of the story - don't execute binaries installed during a break-in just to see what they do, especially when logged in as root - and don't have "." in root's path!

--
Nigel Wade, System Administrator, Space Plasma Physics Group,
            University of Leicester, Leicester, LE1 7RH, UK
E-mail :    nmw@xxxxxxxxxxxx
Phone :     +44 (0)116 2523548, Fax : +44 (0)116 2523555


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux