Hacker News
by Chickenosaurus 2121 days ago
It seems to me this bot could be disabled.

Every bot has a list of peers and their SSH credentials. This way, peers can reinfect machines that were restarted, thus allowing the bot to be volatile on the infected machine.

The article says the researchers can join the peer-to-peer network. The researchers should be able to get a list of all infected machines including SSH credentials. These credentials could be used to remove the backdoor SSH key, kill the bot & netcat processes and maybe change the SSH password on all infected machines at the same time.

Am I missing something?

1 comments

That it is likely to be illegal in many (most?) countries.
Yes, you are surely right. I was mostly wondering if the botnet is actually secure.