[ Thanks to Peter N. M.
Hansteen for this link. ]
“A new round of slow, distributed bruteforce attacks is
in progress. Just like the other times we know about (see
references later), the initial target is root. This time around I
see only one of my ssh-contactable machines targeted, and the
dribble started on September 30th.“I’ve put the raw data so far up for study here (a total of 6067
attempts), and a list of hosts sorted by number of attempts (the
first column) can be found here (770 hosts, with up to 32 attempts
each). Quite likely I’ll be collecting more data and publishing
updates when I have a few free moments.“A number of people were kind enough to contact me in the
followup of the earlier articles, and from one of my correspendents
(who asked not to be named) I learned that the likely culprit is a
piece of Linux malware known as dt_ssh5. If you type dt_ssh5 into
your favorite search engine, it will turn up a few hits, but
significantly fewer than the number of hosts in my sample. A couple
of those documents have some analysis of how a badly secured web
application let the miscreants in.”
Web Webster has more than 20 years of writing and editorial experience in the tech sector. He’s written and edited news, demand generation, user-focused, and thought leadership content for business software solutions, consumer tech, and Linux Today, he edits and writes for a portfolio of tech industry news and analysis websites including webopedia.com, and DatabaseJournal.com.
LinuxToday is a trusted, contributor-driven news resource supporting all types of Linux users. Our thriving international community engages with us through social media and frequent content contributions aimed at solving problems ranging from personal computing to enterprise-level IT operations. LinuxToday serves as a home for a community that struggles to find comparable information elsewhere on the web.
Property of TechnologyAdvice. © 2025 TechnologyAdvice. All Rights Reserved
Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.