[CentOS] duqu
m.roth at 5-cent.us
Wed Nov 30 18:05:28 UTC 2011
- Previous message: [CentOS] CentOS-announce Digest, Vol 81, Issue 14
- Next message: [CentOS] duqu
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
There's an article on slashdot about the Duqu team wiping all their intermediary c&c servers on 20 Oct. Interestingly, the report says that they were all (?) not only Linux, but CentOS.

There's a suggestion of a zero-day exploit in openssh-4.3, but both the original article, and Kaspersky labs (who have a *very* interesting post of the story) consider that highly unlikely, and the evidence points to brute-force attacks against the root password. Then they update openssh and openssh-server. And then, at some point, they apparently take an ubuntu/debian openssh 5.9p1 (then p2) source package, and install *that*.

My manager suggests updating openssh to block other attackers (who actually might screw their attack). It still seems odd to me to yum update, then build the software from source.

Are your root passwords strong?

mark

PS: Oh, yes:
<http://it.slashdot.org/story/11/11/30/1610228/duqu-attackers-managed-to-wipe-cc-servers>