[nsp-sec] SSH scanners on the rise

Stephen Gill gillsr at cymru.com
Mon Aug 9 14:26:35 EDT 2010


We have a recent copy from that IP/FTP mentioned if anyone is interested or
you can fetch direct.

dd.txt is a PHP script that creates the binary.

-- steve


On 8/9/10 5:12 AM, "Thomas Hungenberg" <th.lab at hungenberg.net> wrote:

> ----------- nsp-security Confidential --------
> 
> Joel Rosenblatt wrote:
>> Attached is the list of scanners from last night (about 835). The number
>> has been increasing by about 200 for the last 4 days.
> 
> I recently heard of some web server compromises via vulnerabilities in
> phpMyAdmin where the attackers installed '/tmp/dd_ssh'
> (MD5 24dac6bab595cd9c3718ea16a3804009) to launch SSH bruteforce attacks.
> 
> Looks similar to:
> <http://support.f5.com/kb/en-us/solutions/public/11000/700/sol11719.html>
> 
> 
>      - Thomas
> 
> CERT-Bund Incident Response & Anti-Malware Team
> 
> 
> 
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
> 
> Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
> community. Confidentiality is essential for effective Internet security
> counter-measures.
> _______________________________________________

-- 
Stephen Gill, Chief Scientist, Team Cymru
http://www.cymru.com | +1 630 230 5423 | gillsr at cymru.com




