Spreads via password authenticated SSH, which is the first thing you disable when you set up an SSH server. Doesn't hide its CPU usage. Does a few mildly crafty things to prevent reverse engineering, but overall this "worm" just seems like it's picking low-hanging fruit.<p>This doesn't seem serious at all, nor difficult to detect. Am I missing something?
> Akamai has been monitoring NoaBot for the past 12 months in a honeypot that mimics real Linux devices to track various attacks circulating in the wild. To date, attacks have originated from 849 distinct IP addresses<p>This doesn't sound particularly new or concerning. Right?
Whenever I see a story like this I just feel how f**d we are.<p>When you can waste an exploit like this on installing crypto<p>Whatever NSA and other advanced nation states have is magnitudes next level.<p>NSO Group sells some advanced stuff, but again what Israel keeps behind
locked doors again have to be magnitudes next level.
Attack on weak ssh passwords. I'd say it's a good thing these viruses are going around, it serves as a good reminder to either switch to public key auth or use strong passwords.