[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: brute force ssh attack

On Fri, Apr 29, 2005 at 11:57:24AM +0100, Nigel Wade wrote:
> It was completely manual, the virus didn't install itself. It was injected 
> by someone breaking in via ssh and then manually downloading an infected 
> file. It's not like a STD, it's like a virus which can only be spread by 
> direct injection.

That's the difference between a virus and a worm. It *does* have a mechanism
to spread between files on a machine, but doesn't have one to go between
machines without piggybacking on something else. (Which it did.)

> >Where are you getting your "0-49" number from?
> That's the number of infections quoted by Symantec.

Okay. Well, given that this is the second one in the wild I've seen, my
guess is that it's significantly higher than their guess. It's still not
widespread, but it'd be quite the freak of statistics if two of those 50
worldwide were cases I saw.

Matthew Miller           mattdm mattdm org        <http://www.mattdm.org/>
Boston University Linux      ------>                <http://linux.bu.edu/>
Current office temperature: 72 degrees Fahrenheit.

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]