[CentOS] duqu
m.roth at 5-cent.us
Tue Dec 6 20:40:26 UTC 2011
Les Mikesell wrote:
> On Tue, Dec 6, 2011 at 2:18 PM, Karanbir Singh <mail-lists at karan.org>
> wrote:
>> On 12/06/2011 08:09 PM, Les Mikesell wrote:
>>> Any luck on the specific attack path yet? The linked article
>>> suggests CentOS up to 5.5 was vulnerable.
>>
>> We don't have access to the actual machines that were broken into - so
>> pretty much everything is second hand info.
>>
>> But based on what we know and what we have been told and what we have
>> worked out ourselves as well, it's almost certainly bruteforced ssh
>> passwords.
>
> So, coincidence that they were CentOS, and pre-5.6? Did they have
> admins in common?
Just incompetent ones. I believe I remember a map on the article, and they
had one or more in Poland, and some in southeast Asia, etc.
mark