SSHeater - SSH

This is a discussion on SSHeater - SSH ; SSHeater v1.1 "SSHeater is a software that infects the OpenSSH daemon in run-time in order to log all future sessions and implement a backdoor, where a single password, chosen by the user, can log into all accounts in the system. ...

+ Reply to Thread
Results 1 to 3 of 3

Thread: SSHeater

  1. SSHeater

    SSHeater v1.1

    "SSHeater is a software that infects the OpenSSH daemon in
    run-time in order to log all future sessions and implement a
    backdoor, where a single password, chosen by the user, can
    log into all accounts in the system. There's a log parser
    included in the package that can display authentication
    information about sessions as well as play the session just
    like TTYrec/play."
    > http://www.gotfault.net/research.php



  2. Re: SSHeater

    Anonyma wrote:
    > SSHeater v1.1
    >
    > "SSHeater is a software that infects the OpenSSH daemon in
    > run-time in order to log all future sessions and implement a
    > backdoor, where a single password, chosen by the user, can
    > log into all accounts in the system. There's a log parser
    > included in the package that can display authentication
    > information about sessions as well as play the session just
    > like TTYrec/play."
    >> http://www.gotfault.net/research.php

    >


    And you want us run a .php executable just to read all about it? Sounds
    suspicious to me. I think I'll pass.

  3. Re: SSHeater

    Chuck wrote:
    > Anonyma wrote:
    >> SSHeater v1.1
    >>
    >> "SSHeater is a software that infects the OpenSSH daemon in
    >> run-time in order to log all future sessions and implement a
    >> backdoor, where a single password, chosen by the user, can
    >> log into all accounts in the system. There's a log parser
    >> included in the package that can display authentication
    >> information about sessions as well as play the session just
    >> like TTYrec/play."
    >>> http://www.gotfault.net/research.php

    >
    > And you want us run a .php executable just to read all about it? Sounds
    > suspicious to me. I think I'll pass.


    No, the OP wants you to visit a site where the server will run a PHP
    script to present you with dynamic content. I would be more suspicious
    of the fact that it is providing code claiming to exploit servers and
    install back doors. I'm not going to try building the code, although if
    anyone wants to download the source from the site and examine it...
    --
    Flash Gordon, living in interesting times.
    Web site - http://home.flash-gordon.me.uk/
    comp.lang.c posting guidelines and intro:
    http://clc-wiki.net/wiki/Intro_to_clc

+ Reply to Thread