
Re: brute force ssh attack



Matthew Miller wrote:
> On Fri, Apr 29, 2005 at 02:08:15PM +0100, Nigel Wade wrote:
>
>> It was completely manual, the virus didn't install itself. It was injected by someone breaking in via ssh and then manually downloading an infected file. It's not like a STD, it's like a virus which can only be spread by direct injection.
>
> That's the difference between a virus and a worm. It *does* have a mechanism to spread between files on a machine, but doesn't have one to go between machines without piggybacking on something else. (Which it did.)
>
>> For a virus to be viable it has to be able to infect files in such a way that those infected files are likely to spread the virus. This one doesn't. It needs to be spread manually, hence my threat rating of ~0.
>
> You're using the word "manually" in a strange way, and differently from the
> way you did in the paragraph above. In this case, it didn't spread manually
> (in the normal sense of the word) from the infected mech binary to the
> binaries in /bin -- it did that on its own when it got a chance.


I'm not using it differently. In both cases I am considering spreading from one system to another. This was done manually.


To infect the /bin binaries it required a user with root privilege to do so. Most Windows viruses would have very limited threat capability if users would stop running them with administrator rights.

--
Nigel Wade, System Administrator, Space Plasma Physics Group,
            University of Leicester, Leicester, LE1 7RH, UK
E-mail :    nmw ion le ac uk
Phone :     +44 (0)116 2523548, Fax : +44 (0)116 2523555

