Users login

Create an account »


Users login

Home » Hacking News » Hackers Put A Price Tag On New Attack Tool

Hackers Put A Price Tag On New Attack Tool

by Majik on October 19th, 2001 A new hacking tool is being actively used by attackers hoping to take remote control of unpatched Unix-based systems, security experts warned today.

The tool appears to exploit a known bug in a popular authentication technology called Secure Shell (SSH), according to Simple Nomad, senior security analyst with Bindview Corporation. The security firm's RAZOR team, a research and development group, discovered the flaw in the SSH daemon, which it dubbed the crc32 vulnerability, last winter.

In its February advisory, Bindview stated that it was aware of no working exploits for the overflow flaw in the SSH daemon. But last week, rumors spread in the hacker underground that scripts were available to gain "root" or system-level access to vulnerable systems. And in recent days, system operators have posted reports on security mailing lists saying they are receiving remote scans from attackers attempting to locate vulnerable systems running SSH.

According to Roelof Temmingh, technical director for SensePost, an information security consulting firm, several versions of the SSH attack scripts have been available over Internet relay chat and other online forums for approximately one week.

SSH is a technology developed by SSH Communications Security that enables users to securely log into a remote system and move files. The protocol is included with several Unix-based commercial operating systems including Sun Solaris, IBM AIX, and HP-UX.

A free version of the protocol, known as OpenSSH, is integrated into many open-source Unix-based operating systems, including versions of Linux and BSD.

While the attack tools exploit a relatively old bug for which patches were issued months ago, Temmingh reports that one individual was asking for unspecified financial compensation for sharing the script - a development which he views as ominous.

"At $1000 an exploit, who are you going to attract? People that will pay that amount of money must surely be in a situation that will make it worth their while," said Temmingh.

If hackers are in fact charging money for the new SSH attack script, it would be a first, said Ryan Russell, incident analyst for SecurityFocus.

"All the instances I'm aware of involved trading one exploit for another. This is just more blatant," he said.

According to Bindview's advisory, the crc32 vulnerability does not affect current versions of SSH or OpenSSH. The advisory also contains information about patches for older versions of SSH-protocol implementations.

Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.


Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »