As several people have already noted, the "sshdwarez" or "sshdexp" trojan posted on bugtraq actually has nothing to do with SSH. It does not exploit any vulnerability in any version of SSH. Instead, it is simply a program that, if run as root, adds two new entries in /etc/passwd and sends mail back to the hacker's account at hotmail.com.

No action is required from SSH users. Just do not run the sshdwarez trojan. If you have already run it, check your /etc/passwd file to make sure there are no extra entries. In fact, it may be a good idea to check your passwd files anyway; the accounts created by this particular trojan can be found by:

    grep babo: /etc/passwd
    grep b4b0: /etc/passwd

For more information, please check http://www.ssh.fi/sshprotocols2/.

Regards,

    Tatu

-- 
SSH Communications Security    http://www.ssh.fi/
SSH IPSEC Toolkit              http://www.ipsec.com/
Free Unix SSH                  http://www.ssh.fi/sshprotocols2/
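
Added example, not part of the original message: a shell sketch of the passwd check described above, matching the two account names on the login field only and also listing entries absent from a known-good baseline copy. The function names, the baseline file and the sample passwd lines are constructed for illustration.

```shell
#!/bin/sh
# Print login names whose first field is exactly babo or b4b0.
# Comparing the whole field avoids hits on names such as "xbabo" or on
# text in the comment field, which a plain "grep babo:" also reports.
find_trojan_accounts() {
    awk -F: '$1 == "babo" || $1 == "b4b0" { print $1 }' "$1"
}

# Print login names present in the current file ($1) but missing from a
# known-good baseline copy ($2), i.e. the "extra entries" to review.
find_extra_accounts() {
    awk -F: 'FILENAME == ARGV[1] { known[$1] = 1; next }
             !($1 in known)      { print $1 }' "$2" "$1"
}

# Constructed sample files; the UIDs, shells and home directories are
# invented for the demo and are not taken from the trojan itself.
make_samples() {
    cat > "$1/passwd.baseline" <<'EOF'
root:x:0:0:root:/root:/bin/sh
daemon:x:1:1:daemon:/usr/sbin:/bin/false
xbabo:x:1001:1001:Legitimate user:/home/xbabo:/bin/sh
EOF
    cat > "$1/passwd.current" <<'EOF'
root:x:0:0:root:/root:/bin/sh
daemon:x:1:1:daemon:/usr/sbin:/bin/false
xbabo:x:1001:1001:Legitimate user:/home/xbabo:/bin/sh
babo:x:1002:1002:constructed entry:/tmp:/bin/sh
b4b0:x:1003:1003:constructed entry:/tmp:/bin/sh
EOF
}

tmp=$(mktemp -d)
make_samples "$tmp"
echo "Accounts named by the advisory:"
find_trojan_accounts "$tmp/passwd.current"
echo "Accounts not in the baseline:"
find_extra_accounts "$tmp/passwd.current" "$tmp/passwd.baseline"
```

On a real host, pass /etc/passwd as the first argument and a trusted backup copy as the baseline.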