Skip site navigation (1)Skip section navigation (2)
Date:      Sat, 24 Nov 2018 20:08:31 +0000
From:      Steve O'Hara-Smith <steve@sohara.org>
To:        freebsd-questions@freebsd.org
Subject:   Re: New Virus that targets *.nix
Message-ID:  <20181124200831.95698d25ed05d1480fda55f9@sohara.org>
In-Reply-To: <8240dbdb-7e6e-23b7-caa0-9867ab2a74c3@tundraware.com>
References:  <DM5PR20MB210207A5208820C5F435CC1580D50@DM5PR20MB2102.namprd20.prod.outlook.com> <20181124175844.6115411.91608.68576@shaw.ca> <8240dbdb-7e6e-23b7-caa0-9867ab2a74c3@tundraware.com>

next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, 24 Nov 2018 13:10:57 -0600
Tim Daneliuk <tundra@tundraware.com> wrote:

> On 11/24/18 11:58 AM, Dale Scott wrote:
> > I don't know about everyone else, but considering my general lack of
> > success running Linux shell scripts in general on FBSD, I don't think
> > I'll  panic just yet. ;-) 
> 
> I saw this earlier in the day.  What was unclear to me was the exact
> vector of propagation.  Does it magically appear on my system somehow?

	Apparently it will try and make use of any ssh credentials it can
get at to propagate, so unless it's on a system with credentials to log
into yours then it needs someone to put it there and run it. OTOH if it
gets into a large farm and finds ssh keys with no passphrases (all too
often they'll belong to admins with access all over the place) it's going to
go through it like a dose of salts.

-- 
Steve O'Hara-Smith <steve@sohara.org>



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20181124200831.95698d25ed05d1480fda55f9>