betabug... Sascha Welter


15 July 2007

Is there anyone who cares about the SSH worm?

Bye bye...

Please excuse the rant... everybody talks about Windoze malware, but is there anybody who is at all interested in the tons of Unix boxes that carry the SSH worm around? (Everybody knows which one I'm talking about, the one that closes every couple of login attempts with "Bye bye".) My authlog looks like a playground of the careless Unix owners. I'm getting tons of connection attempts from places like universities, companies, providers, just about everywhere. By now I have of course blocked most of the world based on IP ranges, but still there are a lot of attempts.

So, what's it really? Are there so many clueless Unix admins around who use (or reuse) simple passwords? Are there Linux distros around with default passwords? What's happening really?

I know that I'm using pretty tough passwords, but all the connection attempts are annoying and a waste of bandwidth. Before I closed most of the IP space, I had 10000s of login attempts from some hosts and up to a hundred or so hosts with 1000s of attempts every day. The proper course of action of writing to the abuse account of the network range is just not viable (and of course totally useless for e.g. Korean IPs). I just can't imagine any of these people caring about their rooted machines. So is the Unix world just happy to look down on the Windoze world and assume that *nix worms are a thing of the past while ignoring the daily filth in our own world?

Update: Here is some analysis of what the attackers try to do. Doesn't address the underlying problem of why they are so successful.


Posted by betabug at 22:17
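For readers who want to measure this in their own authlog, the following is an added example, not code from the original post. It tallies failed password attempts per source address and flags the hosts that also close sessions with the "Bye Bye" disconnect message. It assumes OpenSSH sshd syslog lines of the form shown in the constructed sample; the function names and the threshold are hypothetical.

```python
import re
from collections import Counter

# Constructed sample in OpenSSH sshd syslog style; addresses are RFC 5737
# documentation ranges, not taken from the post's logs.
SAMPLE_AUTHLOG = """\
Jul 15 21:58:01 host sshd[4101]: Failed password for root from 192.0.2.10 port 40112 ssh2
Jul 15 21:58:03 host sshd[4103]: Failed password for invalid user admin from 192.0.2.10 port 40140 ssh2
Jul 15 21:58:05 host sshd[4105]: Invalid user test from 192.0.2.10
Jul 15 21:58:05 host sshd[4105]: Failed password for invalid user test from 192.0.2.10 port 40171 ssh2
Jul 15 21:58:06 host sshd[4105]: Received disconnect from 192.0.2.10: 11: Bye Bye
Jul 15 22:03:40 host sshd[4200]: Failed password for alice from 198.51.100.7 port 51200 ssh2
Jul 15 22:03:48 host sshd[4200]: Accepted password for alice from 198.51.100.7 port 51200 ssh2
Jul 15 22:10:12 host sshd[4300]: Failed password for root from 203.0.113.99 port 33001 ssh2
Jul 15 22:10:13 host sshd[4300]: Received disconnect from 203.0.113.99: 11: Bye Bye
"""

# The user name is supplied by the remote side, so match greedily and anchor
# at end of line: the address is the one after the LAST " from ".
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(.*) from (\S+) port \d+(?: ssh2)?\s*$")
# Covers "from IP: 11: Bye Bye" and the newer "from IP port N:11: Bye Bye [preauth]".
BYEBYE = re.compile(
    r"sshd\[\d+\]: Received disconnect from (\S+?)(?: port \d+)?:\s*11:\s*Bye Bye", re.I)

def tally(log_text):
    """Return (failed-per-IP, bye-bye-per-IP, user names tried per IP)."""
    failed, byebye, users = Counter(), Counter(), {}
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            user, ip = m.groups()
            failed[ip] += 1
            users.setdefault(ip, set()).add(user)
            continue
        m = BYEBYE.search(line)
        if m:
            byebye[m.group(1)] += 1
    return failed, byebye, users

def suspects(log_text, min_failed=3):
    """Sources with at least min_failed failures and a 'Bye Bye' disconnect."""
    failed, byebye, _ = tally(log_text)
    hits = [ip for ip, n in failed.items() if n >= min_failed and byebye[ip] > 0]
    return sorted(hits, key=lambda ip: -failed[ip])

if __name__ == "__main__":
    print(suspects(SAMPLE_AUTHLOG))
```
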
Comments
Re: Is there anyone who cares about the SSH worm?

I am also getting a whole lot of ssh login attempts to root coming in from all over the place. Can't be a Windows worm if it's trying ssh. Any idea which one it might be? Don't know of any worms that try ssh.

Perhaps this?
http://www.securityfocus.com/infocus/1876

Posted by: Gautham Ganapathy at October 23, 2009 01:57
Re: Is there anyone who cares about the SSH worm?

Gautham, I don't get your question. Of course it's not a Windows worm. It's the SSH worm. It's trying for "open" doors on Unix (likely Linux really) servers. By now there are multiple analyses of this worm online, the page you gave there is one such analysis, but there are more pages about what's happening.

Posted by: betabug at October 23, 2009 09:15