Re: Voluminous SSHd scanning; possible worm activity ?

[Steve Wright <stevew () cwazy co uk>]

mcaffee reports the x2 file as containing the bleh unix worm ??

On Wednesday 12 December 2001 08:27, you wrote:
> ="iso-8859-1"
>
> If i has taken a picture of the screen i was looking at, yes .. but no .. i
> didn't.
> i suggest u download that X2 exploit i found at my site:
> www.cb3rob.net/~rvdv/ssh/x21.tgz.
> There is a targets file, that contains information used to exploit serveral
> versions. I saw  (i love that ttysnoop) somebody exploit a 2.0.x SSHd with
> this exploit but with other targets i think.
>
> Version 2.9.2 has a exploit that's for sure. The rumor is that TESO made
> it, and it somehow reased some other underground 'crews' or 'groups'. Also
> i am trying to find more informatino on the local exploit for SSHD 2.4.0.
> More information on that soon.
>
> Hope this can be of any help. Personally im gettin' sick and tired of all
> those SSHD bugs etc. so i'm back to other remote administration programs.
>
> Sincerely,
> joep
>
> On Tue, Dec 11, 2001 at 02:12:24PM +0100, Gommers, Joep wrote:
> > Also SSH versions 2.0.x and 2.9.2 have not yet published exploit around.
>
> Do you have information to back this rumor?
>
> Thanks, -markus
>
> ---------------------------------------------------------------------------
> - This list is provided by the SecurityFocus ARIS analyzer service.
> For more information on this free incident handling, management
> and tracking system please see: http://aris.securityfocus.com

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com