Security Incidents mailing list archives
Re: Voluminous SSHd scanning; possible worm activity ?
From: Dave Dittrich <dittrich () cac washington edu>
Date: Thu, 13 Dec 2001 14:37:44 -0800 (PST)
On Thu, 13 Dec 2001, Steve Wright wrote:
> McAfee reports the x2 file as containing the bleh unix worm ??
McAfee (and Kaspersky Labs) are wrong. It is an ssh exploit, not a worm. If anyone from either company wants to contact me about what signature is used, I'd love to help straighten this out.

--
Dave Dittrich                           Computing & Communications
dittrich () cac washington edu          University Computing Services
http://staff.washington.edu/dittrich    University of Washington
PGP key      http://staff.washington.edu/dittrich/pgpkey.txt
Fingerprint  FE 97 0C 57 08 43 F3 EB 49 A1 0C D0 8E 0C D0 BE C8 38 CC B5

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com