Wednesday, July 15, 2009

Fake OpenSSH 0-day, don't run 0pen0wn.c!

There were some rumors of an 0-day OpenSSH vulnerability doing the rounds. It seems this was just a hoax. Compromised systems were due to brute force attacks.

Damien Miller (OpenSSH) responded that he still has not received a single piece of evidence of a 0-day exploit. He summarizes some of the possible attacks and argues that it's very unlikely that OpenSSH can be compromised in those ways. It seems that the actual hacks were brute-force password attacks that succeeded. (Source: secgeeks)

Fueled by this hoax, the anti-sec group released some fake shellcode. As some victims who tried it quickly found out, it will trash your system. So don't run it. If you want a detailed analysis of the disassembled shellcode, Thierry Zoller posted a good one on his blog.

The anti-sec group is also known for the Astalavista and Imageshack incidents. See also "Hacker group declares war on the security industry" (Heise).


See also Fake 0pen0wn.c by anti-sec group
