Subject: New P2P botnet infects SSH servers
From: nolo...@gmail.com
Newsgroups: comp.security.ssh
Date: Thu, 27 Aug 2020 22:15 UTC
Hi Everyone,

I was reading https://arstechnica.com/information-technology/2020/08/new-p2p-botnet-infects-ssh-servers-all-over-the-world/
and https://www.guardicore.com/2020/08/fritzfrog-p2p-botnet-infects-ssh-servers/
The articles are a bit light on details with respect to infection
mechanisms.

Is there an active vulnerability associated with FritzFrog? Or does
the malware rely on accounts with weak/wounded/disclosed passwords and
non-protected private keys?

(I'm running OpenSSH 8.3p1, but I'm wondering about a possible new
release soon).

Jeff

