
Server-based botnet floods net with brutish SSH attacks








http://www.theregister.co.uk/2010/08/12/server_based_botnet/ 

By Dan Goodin in San Francisco 
The Register
12th August 2010

Updated -- A server-based botnet that preys on insecure websites is 
flooding the net with attacks that attempt to guess the login 
credentials for secure shells protecting Linux boxes, routers, and other 
network devices.

According to multiple security blogs, the bot compromises websites 
running outdated versions of phpMyAdmin. By exploiting a vulnerability 
patched in April, the bot installs a file called dd_ssh, which trawls 
the net for devices protected by the SSH protocol.

“This bot then conducts brute force SSH attacks on random IP addresses 
specified by the bot herder,” a user blogged here. Indeed, DShield, an 
exploit-monitoring service maintained by the SANS Institute, shows a 
six-fold increase in the number of sources participating in SSH scanning 
from July 24 to August 10, and close to a three-fold jump in the number 
of targets.

For reasons that remain unclear, the number of sources over the past two 
days has plummeted, even as the number of targets has dropped only 
moderately.

[...]

