I decided to nmap a couple of the hosts back that have been doing the dictionary attacks on me. Of the two that I scanned, they appear to be Windows boxes, but they've got OpenSSH installed as well. Interesting.
I wonder if the SSH daemon is part of the trojan, or if people are putting SSH servers on their Windows servers these days?
[] [tech/security] [permalink]