Re: Voluminous SSHd scanning; possible worm activity ?

From: Dave Dittrich (dittrichat_private)
Date: Thu Dec 13 2001 - 14:37:44 PST

Next message: Sam Ferrell: "Re: Voluminous SSHd scanning; possible worm activity?"

Previous message: Nick FitzGerald: "Re: Gokar Worm?"
In reply to: Steve Wright: "Re: Voluminous SSHd scanning; possible worm activity ?"
Next in thread: Dragos Ruiu: "Re: Voluminous SSHd scanning; possible worm activity ?"
Reply: Dragos Ruiu: "Re: Voluminous SSHd scanning; possible worm activity ?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, 13 Dec 2001, Steve Wright wrote:

> mcaffee reports the x2 file as containing the bleh unix worm ??

McAfee (and Kaspersky Labs) are wrong.  It is an ssh exploit, not a
worm.  If anyone from either company wants to contact me about how
what signature is used, I'd love to help straighten this out.

--
Dave Dittrich                           Computing & Communications
dittrichat_private             University Computing Services
http://staff.washington.edu/dittrich    University of Washington

PGP key      http://staff.washington.edu/dittrich/pgpkey.txt
Fingerprint  FE 97 0C 57 08 43 F3 EB 49 A1 0C D0 8E 0C D0 BE C8 38 CC B5



----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Next message: Sam Ferrell: "Re: Voluminous SSHd scanning; possible worm activity?"
Previous message: Nick FitzGerald: "Re: Gokar Worm?"
In reply to: Steve Wright: "Re: Voluminous SSHd scanning; possible worm activity ?"
Next in thread: Dragos Ruiu: "Re: Voluminous SSHd scanning; possible worm activity ?"
Reply: Dragos Ruiu: "Re: Voluminous SSHd scanning; possible worm activity ?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Dec 14 2001 - 09:09:02 PST