Date: Fri, 13 Aug 2004 16:57:07 +0200
From: Jan Muenther <jan.muenther@nruns.com>
To: Sandor Berta <berta@beco.hu>
Cc: freebsd-security@freebsd.org
Subject: Re: sequences in the auth.log
Message-ID: <20040813145707.GB2097@localghost.muenther.de>
In-Reply-To: <411CCAAE.7020505@beco.hu>
References: <411CCAAE.7020505@beco.hu>

Heya,

this is probably the same piece of malware that has been discussed on f-d recently. The username/password combination guest and test are hardcoded into a little statically linked binary which is commonly used together with a SYN scanner.

Chances are good these attempts are coming from a compromised box - you may want to look into that if it is in your realms.

If you need more info, I disassembled them both and made a quick analysis, check the f-d archives.

Cheers, J.
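
Added example, not part of the original message or of any tool it mentions: a small auth.log filter that flags sources which failed SSH logins for both of the hardcoded accounts named above (guest and test). The log line format is an assumption (OpenSSH-style syslog lines; the message quotes none), and the sample lines and addresses are constructed.

```python
import re
from collections import defaultdict

# Assumption: OpenSSH-style syslog lines. Older sshd versions log
# "illegal user", newer ones "invalid user", for accounts that do not exist.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:(?:illegal|invalid) user )?"
    r"(?P<user>\S+) from (?P<src>\S+) port \d+"
)
HARDCODED = {"guest", "test"}  # the account pair named in the message


def find_guest_test_probes(lines):
    """Return {source: attempt count} for sources that tried BOTH accounts."""
    users = defaultdict(set)
    attempts = defaultdict(int)
    for line in lines:
        m = FAILED.search(line)
        if not m or m.group("user") not in HARDCODED:
            continue
        users[m.group("src")].add(m.group("user"))
        attempts[m.group("src")] += 1
    # A single failed "test" login is common noise; the guest+test pair from
    # one source is the pattern worth a closer look.
    return {src: attempts[src] for src, seen in users.items() if seen == HARDCODED}


# Constructed sample lines (documentation address ranges, not real data).
SAMPLE = [
    "Aug 13 04:12:01 host sshd[4101]: Failed password for illegal user test from 192.0.2.10 port 40112 ssh2",
    "Aug 13 04:12:03 host sshd[4103]: Failed password for guest from 192.0.2.10 port 40120 ssh2",
    "Aug 13 05:00:10 host sshd[4200]: Failed password for illegal user test from 198.51.100.7 port 51000 ssh2",
    "Aug 13 05:30:44 host sshd[4301]: Failed password for root from 203.0.113.5 port 2201 ssh2",
    "Aug 13 06:01:00 host sshd[4400]: Accepted password for alice from 192.0.2.50 port 3300 ssh2",
]

if __name__ == "__main__":
    for src, count in find_guest_test_probes(SAMPLE).items():
        print(f"{src}: {count} failed guest/test attempts")
```

Sources it reports are candidates for the compromised-box follow-up suggested in the message if they sit inside your own address space.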