http://www.theregister.co.uk/2010/08/12/server_based_botnet/ By Dan Goodin in San Francisco The Register 12th August 2010 Updated -- A server-based botnet that preys on insecure websites is flooding the net with attacks that attempt to guess the login credentials for secure shells protecting Linux boxes, routers, and other network devices. According to multiple security blogs, the bot compromises websites running outdated versions of phpMyAdmin. By exploiting a vulnerability patched in April, the bot installs a file called dd_ssh, which trawls the net for devices protected by the SSH protocol. “This bot then conducts brute force SSH attacks on random IP addresses specified by the bot herder,” a user blogged here. Indeed, DShield, an exploit-monitoring service maintained by the SANS Institute, shows a six-fold increase in the number of sources participating in SSH scanning from July 24 to August 10, and close to a three-fold jump in the number of targets. For reasons that remain unclear, the number of sources over the past two days has plummeted, even as the number of targets has dropped only moderately. [...] -- Visit InfoSec News! http://www.infosecnews.org/Received on Fri Aug 13 2010 - 00:52:52 PDT
This archive was generated by hypermail 2.2.0 : Fri Aug 13 2010 - 01:01:34 PDT