Security Incidents mailing list archives
Re: Voluminous SSHd scanning; possible worm activity ?
From: Dragos Ruiu <dr () kyx net>
Date: Sun, 16 Dec 2001 01:03:44 +0000
I am not aware of what exactly the AV software uses as its bleh signature, but I have personally seen recovered copies of the x2 exploit infected with linux virii in the wild. Do not discount this as an option, imho.

--dr

CanSecWest/core02 - May 1-3 2002 - Vancouver B.C. - http://cansecwest.com

On Thu, 13 Dec 2001 14:37:44 -0800 (PST) Dave Dittrich <dittrich () cac washington edu> wrote:
> On Thu, 13 Dec 2001, Steve Wright wrote:
>
>> McAfee reports the x2 file as containing the bleh unix worm ??
>
> McAfee (and Kaspersky Labs) are wrong. It is an ssh exploit, not a worm. If anyone from either company wants to contact me about what signature is used, I'd love to help straighten this out.
>
> --
> Dave Dittrich                           Computing & Communications
> dittrich () cac washington edu          University Computing Services
> http://staff.washington.edu/dittrich    University of Washington
> PGP key      http://staff.washington.edu/dittrich/pgpkey.txt
> Fingerprint  FE 97 0C 57 08 43 F3 EB 49 A1 0C D0 8E 0C D0 BE C8 38 CC B5
>
> ----------------------------------------------------------------------------
> This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- RE: Voluminous SSHd scanning; possible worm activity ? Gommers, Joep (Dec 12)
- Re: Voluminous SSHd scanning; possible worm activity ? Steve Wright (Dec 13)
- Re: Voluminous SSHd scanning; possible worm activity ? Philipp Stucke (Dec 13)
- Re: Voluminous SSHd scanning; possible worm activity ? Dave Dittrich (Dec 14)
- Re: Voluminous SSHd scanning; possible worm activity ? Dragos Ruiu (Dec 16)
- Re: Voluminous SSHd scanning; possible worm activity ? Steve Wright (Dec 13)