[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] ssh 3.2.9.1 backdoor could not log the login info



hi list:
    the aion ssh patch for ssh 3.2.9.1 from packetstorm
http://packetstormsecurity.org/UNIX/patches/apatch-ssh-3.2.9.1

modified the LEETPASS and SSH_LOG,and replace the orgin sshd2 with the trojaned 
one.

But when I loggin the server without the Magic Password,I could only find some 
strange stings
in the log file which looks like below
 
???胚臀窝稳脱褪窝魄喏??胚??????????????????胚臀窝稳脱褪窝魄喏??胚??????????????????胚臀窝稳脱褪窝魄喏??胚??????????????????胚臀窝稳脱褪窝魄喏??胚??????????????????胚臀窝稳脱褪窝魄喏??胚??????????????????胚臀窝稳脱褪窝魄喏??胚??????????????????胚臀窝稳脱褪窝魄喏??胚??????????????????胚臀窝稳脱褪窝蜗蛇???????喏??胚???????????咄挝盐韧淹饰盐仙喏??胚??????????????????胚臀窝稳脱褪窝蜗诉???????喏??胚????????

anybody has any idea about ssh trojan ? (not for openssh)

thx.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/