[ISN] Hackers Put A Price Tag On New Attack Tool

From: InfoSec News (isnat_private)
Date: Fri Oct 19 2001 - 11:28:39 PDT

    By Brian McWilliams, Newsbytes
    18 Oct 2001, 4:34 PM CST

    A new hacking tool is being actively used by attackers hoping to take
    remote control of unpatched Unix-based systems, security experts
    warned today.

    The tool appears to exploit a known bug in a popular authentication
    technology called Secure Shell (SSH), according to Simple Nomad,
    senior security analyst with Bindview Corporation. The security firm's
    RAZOR team, a research and development group, discovered the flaw in
    the SSH daemon, which it dubbed the crc32 vulnerability, last winter.

    In its February advisory, Bindview stated that it was aware of no
    working exploits for the overflow flaw in the SSH daemon. But last
    week, rumors spread in the hacker underground that scripts were
    available to gain "root" or system-level access to vulnerable systems.

    And in recent days, system operators have posted reports on security
    mailing lists saying they are receiving remote scans from attackers
    attempting to locate vulnerable systems running SSH.

    According to Roelof Temmingh, technical director for SensePost, an
    information security consulting firm, several versions of the SSH
    attack scripts have been available over Internet relay chat and other
    online forums for approximately one week.

    SSH is a technology developed by SSH Communications Security that
    enables users to securely log into a remote system and move files. The
    protocol is included with several Unix-based commercial operating
    systems including Sun Solaris, IBM AIX, and HP-UX.

    A free version of the protocol, known as OpenSSH, is integrated into
    many open-source Unix-based operating systems, including versions of
    Linux and BSD.

    While the attack tools exploit a relatively old bug for which patches
    were issued months ago, Temmingh reports that one individual was
    asking for unspecified financial compensation for sharing the script -
    a development which he views as ominous.

    "At $1000 an exploit, who are you going to attract? People that will
    pay that amount of money must surely be in a situation that will make
    it worth their while," said Temmingh.