[CentOS] duqu

Tue Dec 6 20:36:41 UTC 2011
Les Mikesell <lesmikesell at gmail.com>

On Tue, Dec 6, 2011 at 2:18 PM, Karanbir Singh <mail-lists at karan.org> wrote:
> On 12/06/2011 08:09 PM, Les Mikesell wrote:
>> Any luck on  the specific attack path yet?  The linked article
>> suggests Centos up to 5.5 was vulnerable.
> We  dont have access to the actual machines that were broken into - so
> pretty much everything is second hand info.
> But based on what we know and what we have been told and what we have
> worked out ourselves as well, its almost certainly bruteforced ssh
> passwords.

So, coincidence that they were CentOS, and pre-5.6?   Did they have
admins in common?

  Les Mikesell
    lesmikesell at gmail.com