Security VulnerabilitiesNews

GoScanSSH Worm

A new worm, known as GoScanSSH, has been observed targeting publicly accessible Linux Secure Shell servers.

Initial access is gained using a list of credentials, with unique malware binaries used to infect a target device. GoScanSSH will then attempt to determine the number of hash computations the device can perform in a fixed interval, defining how powerful it is. This data, along with further information regarding the device, is sent to a command and control server.

GoScanSSH is capable of scanning and infecting other vulnerable SSH servers using randomly generated IP addresses. These are compared to a list of ranges known to be controlled by government or military entities and if no match is found, GoScanSSH will initiate an attack.

Further details here.

Affected Platforms:

Linux-based SSH Servers




Duncan

Duncan is a technology professional with over 20 years experience of working in various IT roles. He has a interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.