brute force ssh attack
Matthew Miller
mattdm at mattdm.org
Fri Apr 29 13:14:25 UTC 2005
On Fri, Apr 29, 2005 at 02:08:15PM +0100, Nigel Wade wrote:
> >>It was completely manual, the virus didn't install itself. It was
> >>injected by someone breaking in via ssh and then manually downloading an
> >>infected file. It's not like a STD, it's like a virus which can only be
> >>spread by direct injection.
> >That's the difference between a virus and a worm. It *does* have a
> >mechanism to spread between files on a machine, but doesn't have one to
> >go between machines without piggybacking on something else. (Which it
> >did.)
> For a virus to be viable it has to be able to infect files in such a way
> that those infected files are likely to spread the virus. This one doesn't.
> It needs to be spread manually, hence my threat rating of ~0.
You're using the word "manually" in a strange way, and differently from the
way you did in the paragraph above. In this case, it didn't spread manually
(in the normal sense of the word) from the infected mech binary to the
binaries in /bin -- it did that on its own when it got a chance.
--
Matthew Miller mattdm at mattdm.org <http://www.mattdm.org/>
Boston University Linux ------> <http://linux.bu.edu/>
Current office temperature: 72 degrees Fahrenheit.
More information about the fedora-list
mailing list