GoScanSSH Worm
A new worm, known as GoScanSSH, has been observed targeting publicly accessible Linux Secure Shell servers.
Initial access is gained using a list of credentials, with unique malware binaries used to infect a target device. GoScanSSH will then attempt to determine the number of hash computations the device can perform in a fixed interval, defining how powerful it is. This data, along with further information regarding the device, is sent to a command and control server.
GoScanSSH is capable of scanning and infecting other vulnerable SSH servers using randomly generated IP addresses. These are compared to a list of ranges known to be controlled by government or military entities and if no match is found, GoScanSSH will initiate an attack.
Further details here.
Affected Platforms:
Linux-based SSH Servers
Duncan is a technology professional with over 20 years experience of working in various IT roles. He has a interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.