[ISN] Server-based botnet floods net with brutish SSH attacks

From: InfoSec News <alerts_at_private>
Date: Fri, 13 Aug 2010 02:52:52 -0500 (CDT)
http://www.theregister.co.uk/2010/08/12/server_based_botnet/

By Dan Goodin in San Francisco 
The Register
12th August 2010

Updated -- A server-based botnet that preys on insecure websites is 
flooding the net with attacks that attempt to guess the login 
credentials for secure shells protecting Linux boxes, routers, and other 
network devices.

According to multiple security blogs, the bot compromises websites 
running outdated versions of phpMyAdmin. By exploiting a vulnerability 
patched in April, the bot installs a file called dd_ssh, which trawls 
the net for devices protected by the SSH protocol.

“This bot then conducts brute force SSH attacks on random IP addresses 
specified by the bot herder,” a user blogged here. Indeed, DShield, an 
exploit-monitoring service maintained by the SANS Institute, shows a 
six-fold increase in the number of sources participating in SSH scanning 
from July 24 to August 10, and close to a three-fold jump in the number 
of targets.

For reasons that remain unclear, the number of sources over the past two 
days has plummeted, even as the number of targets has dropped only 
moderately.

[...]


--
Visit InfoSec News!
http://www.infosecnews.org/
Received on Fri Aug 13 2010 - 00:52:52 PDT

This archive was generated by hypermail 2.2.0 : Fri Aug 13 2010 - 01:01:34 PDT