[ Thanks to Peter N. M.
Hansteen for this link. ]
“It turns out I was wrong. Returning to my log
summaries after taking a few days off from log data (yes, easter is
big here, even moves geeks sometimes to take time off) I find data
with almost exactly the same profile as last December’s series.“This can only mean that there were enough successful attempts
at guessing people’s weak passwords in the last round that our
unknown perpetrators found it worthwhile to start another round.
For all I know they may have been at it all along, probing other
parts of the Internet far from my unfasionable backwaters.“Anyway, they are most certainly back. A summary of the data so
far follows in the concluding section. Please note that I would be
very interested in communicating with other parties who see similar
activity in their logs, and if you are responsible for one or more
of the systems identified or you know who is, I urge you to take
appropriate action.”