Security Incidents mailing list archives

Re: Voluminous SSHd scanning; possible worm activity ?


From: Dragos Ruiu <dr () kyx net>
Date: Sun, 16 Dec 2001 01:03:44 +0000


I am not aware of what exactly the AV software uses as its bleh signature,
but I have personally seen recovered copies of the x2 exploit infected with 
linux virii in the wild.  Do not discount this as an option, imho.

--dr
CanSecWest/core02 - May 1-3 2002 - Vancouver B.C. - http://cansecwest.com

On Thu, 13 Dec 2001 14:37:44 -0800 (PST)
Dave Dittrich <dittrich () cac washington edu> wrote:

On Thu, 13 Dec 2001, Steve Wright wrote:

McAfee reports the x2 file as containing the bleh unix worm ??

McAfee (and Kaspersky Labs) are wrong.  It is an ssh exploit, not a
worm.  If anyone from either company wants to contact me about
what signature is used, I'd love to help straighten this out.

--
Dave Dittrich                           Computing & Communications
dittrich () cac washington edu             University Computing Services
http://staff.washington.edu/dittrich    University of Washington

PGP key      http://staff.washington.edu/dittrich/pgpkey.txt
Fingerprint  FE 97 0C 57 08 43 F3 EB 49 A1 0C D0 8E 0C D0 BE C8 38 CC B5



----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com




