[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: brute force ssh attack

Matthew Miller wrote:
On Wed, Apr 27, 2005 at 05:21:45PM +0100, Nigel Wade wrote:

Looks like it spread to root from a user account in this case. Threat is
obviously somewhat greater than 0. Caution and good practices are still

There's no evidence that the virus escalated its own privilege. More likely that a root process executed an infected binary.

I agree -- and that's exactly why this shouldn't be dismissed as "0 threat".

I didn't say 0, I said ~0. You also shouldn't overstate the threat and create FUD where none is justified.

For a virus to be viable it has to be communicable. In this instance the virus required manual "injection". Hence the 0-49 infections in 3 years, and the virutally zero threat.

Nigel Wade, System Administrator, Space Plasma Physics Group,
            University of Leicester, Leicester, LE1 7RH, UK
E-mail :    nmw ion le ac uk
Phone :     +44 (0)116 2523548, Fax : +44 (0)116 2523555

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]