[Dshield] OpenSSH exploit in use

asebba asebba at secrel.com.br
Mon Sep 29 17:49:57 GMT 2003


Anyway, go to your task manager (ps -aux in Linux) and check all the
processes running. You can find something "interesting"!

Alexandre Sebba

----- Original Message ----- 
From: "Alan Frayer" <afrayer at frayernet.com>
To: "General DShield Discussion List" <list at dshield.org>
Sent: Saturday, September 27, 2003 6:04 AM
Subject: RE: [Dshield] OpenSSH exploit in use


> In Windows, I don't think there's anything more effective than Spybot
> Search & Destroy, which also happens to be freeware (donation based). I
> think you can get it at:
>
> http://security.kolla.de
>
>
> On Fri, 2003-09-26 at 16:02, Jeff D wrote:
> > I just did a quick google for it and this looks like it might be a good
> > place to look:
> >
> > http://www.webattack.com/Freeware/security/fwantispy.html
> >
> > It has a lot of links to anti-spy ware software.  I don't run windows
> > myself so I can't vouch for any of the software on there, others may know
> > more about this than I.  But, I would think that it would be worth
> > checking out.
> >
> > Jeff
> >
> >
> > On Fri, 26 Sep 2003, Nike wrote:
> >
> > > Now you said that it does sound like a possibility. Those are all
> > > windows machines (XP, few 98) and our firewall there isn't at top
> > > security settings at all. And we had welchia/blaster hit them too but
> > > they were removed (No anti-virus software either, argh).
> > > Are there *good* tools out there to check for key loggers etc.?
> > >
> > > // Nikerabbit // This is the end of all hope
> > > <Telerium>  He was an ape-man, he did not give up, because an ape-man's
> > > job is to ape every night.
> > >
> > > -----Original Message-----
> > > From: list-bounces at dshield.org [mailto:list-bounces at dshield.org] On
> > > Behalf Of Jeff D
> > > Sent: 26 September 2003 20:01
> > > To: General DShield Discussion List
> > > Subject: Re: [Dshield] OpenSSH exploit in use
> > >
> > > On Fri, 26 Sep 2003, Nike wrote:
> > >
> > > > In private school I go, we had two Linux boxes compromised last week,
> > >
> > > <snip>
> > >
> > > >
> > > > Common factors we come up were
> > > >  1. Both were using putty from class computers. The guy with debian was
> > > > logged as root before all his files were removed.
> > > >  2. Both computers did run irc client which was connected to qnet & ircnet
> > > >  3. Both was off computer for longer time when files were deleted.
> > > >
> > > > Has anybody else had same experiences or know if there is some kind of
> > > > exploit tool going around?
> > > >
> > > > // Nikerabbit // This is the end of all hope
> > > > <Telerium>  He was an ape-man, he did not give up, because an ape-man's
> > > > job is to ape every night.
> > > >
> > >
> > > Could it be possible that the classroom machines have keyloggers
> > > installed on them?
> > >
> > >
> > > ==                                                                   ==
> > >        Human beings were created by water to transport it uphill.
> > > ==                                                                   ==
> > >
> > > _______________________________________________
> > > list mailing list
> > > list at dshield.org
> > > To change your subscription options (or unsubscribe), see:
> > > http://www.dshield.org/mailman/listinfo/list
> > >
> > >
> > >
> > >
> >
> > ==                                                                   ==
> >        Human beings were created by water to transport it uphill.
> > ==                                                                   ==
> >
>
> ________________________________________________________________________
> Alan Frayer,CNE,CNI,CIW CI,MCP,Net+ - afrayer at frayernet.com
> Seeking an IT Mgmt/Network Admin position in the Tampa Bay Region
> If you would like to discuss an opportunity with me, please e-mail.
>
>
>



