[unisog] step up in SSH scanning starting today?

James Davis james.davis at ja.net
Thu May 15 09:32:16 GMT 2008


A colleague pointed out this thread to me. We've been seeing some
interesting distributed attacks against accounts over SSH for the past
few days.

The attack appears to be coordinated across approximately 100 to 1000
hosts, although there doesn't appear to be any order to which host will
attempt to log in next. The only malware I've been able to recover so far
(from sites I've reported the traffic to) has been an SSH client and a
DOS utility, so I've not got much of an idea how the botnet portion of
the attack works. I hope to have information soon.

Regards,

James

--
James Davis	+44 1235 822 229    	   PGP: 0x890F159E
JANET CSIRT	0870 850 2340	        (+44 1235 822 340)
Lumen House, Library Avenue, Didcot, Oxfordshire, OX11 0SG
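An added detection example, not part of the original message: the pattern described above (many hosts, each making only a few attempts against the same accounts) stays under per-source failure thresholds, so this sketch groups failed logins by target account and counts distinct low-volume sources instead. The OpenSSH syslog line format, the thresholds, the function name and the sample log are all assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in OpenSSH syslog style; addresses are documentation ranges.
SAMPLE_LOG = """\
May 15 09:00:01 gw sshd[101]: Failed password for root from 192.0.2.10 port 40001 ssh2
May 15 09:00:09 gw sshd[102]: Failed password for invalid user admin from 192.0.2.11 port 40002 ssh2
May 15 09:00:15 gw sshd[103]: Failed password for root from 192.0.2.12 port 40003 ssh2
May 15 09:00:21 gw sshd[104]: Failed password for alice from 198.51.100.7 port 51000 ssh2
May 15 09:00:24 gw sshd[104]: Failed password for alice from 198.51.100.7 port 51000 ssh2
May 15 09:00:27 gw sshd[104]: Failed password for alice from 198.51.100.7 port 51000 ssh2
May 15 09:00:30 gw sshd[105]: Failed password for root from 192.0.2.11 port 40004 ssh2
May 15 09:00:38 gw sshd[106]: Failed password for invalid user admin from 192.0.2.13 port 40005 ssh2
May 15 09:00:44 gw sshd[107]: Failed password for root from 192.0.2.13 port 40006 ssh2
May 15 09:00:52 gw sshd[108]: Failed password for root from 192.0.2.14 port 40007 ssh2
May 15 09:01:03 gw sshd[109]: Accepted password for alice from 198.51.100.7 port 51002 ssh2
"""

# Matches both "for root from ..." and "for invalid user admin from ...".
FAILED = re.compile(r"Failed password for (?:invalid user )?(\S+) from (\S+) port \d+")


def distributed_targets(log_text, min_sources=4, max_per_source=2):
    """Return {account: sorted source IPs} for accounts that many sources
    each tried only a few times (hypothetical thresholds, tune per site)."""
    attempts = defaultdict(lambda: defaultdict(int))  # account -> source -> failures
    for line in log_text.splitlines():
        match = FAILED.search(line)
        if match:
            user, source = match.groups()
            attempts[user][source] += 1

    flagged = {}
    for user, per_source in attempts.items():
        # A single noisy source (e.g. a user mistyping a password) is excluded;
        # only sources that stay at or below max_per_source count towards the total.
        quiet = sorted(ip for ip, n in per_source.items() if n <= max_per_source)
        if len(quiet) >= min_sources:
            flagged[user] = quiet
    return flagged


if __name__ == "__main__":
    for account, sources in distributed_targets(SAMPLE_LOG).items():
        print(f"{account}: {len(sources)} low-volume sources: {', '.join(sources)}")
```
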
