[nsp-sec] SSH scanners on the rise
Thomas Hungenberg
th.lab at hungenberg.net
Mon Aug 9 08:12:20 EDT 2010
Joel Rosenblatt schrieb:
> Attached is the list of scanners from last night (about 835) The number
> has been increasing by about 200 for the last 4 days.
I recently heard of some web server compromises via vulnerabilities in phpMyAdmin
where the attackers installed '/tmp/dd_ssh' (MD5 24dac6bab595cd9c3718ea16a3804009)
to launch SSH bruteforce attacks.
Looks similar to:
<http://support.f5.com/kb/en-us/solutions/public/11000/700/sol11719.html>
- Thomas
CERT-Bund Incident Response & Anti-Malware Team
More information about the nsp-security
mailing list