- cross-posted to:
- [email protected]
- cross-posted to:
- [email protected]
Based on Mirai malware, self-replicating NoaBot installs cryptomining app on infected devices.
the NoaBot targets weak passwords connecting SSH connections.
Harden your configs people.
AllowUsers is a really goood one.
Or just don’t allow password auth at all.
Or just have a good password
If we’re going to play that game. Require an Ed25519 key with a strong password.
Or ed25519-sk.
(In this case the “wrench” is just breaking into some weak link that isn’t ssh, once your password is strong to not be a weak link)
Also install something like fail2ban to prevent brute force attacks.
Akamai has published an extensive library of indicators that people can use to check for signs of NoaBot on their devices (https://github.com/akamai/akamai-security-research/tree/main)
GCs those Akamai folks…
What does GC stand for? https://www.acronymfinder.com/Slang/GC.html
Good cunts - it’s originally an Aussie term of endearment, as far as I’m aware
Garbage Collection
What does GC stand for?
Girthy Cocks maybe?
As a compliment, u noe?
Like saying they have Balls of Steel.Game Cube
In this context i’m going with Game Chick from that list, because none make sense to me.
Geocities
here’s a link to the script. its nothing fancy, but makes it easy to check: https://github.com/akamai/akamai-security-research/blob/main/malware/noabot/noabot_detect.sh
here’s a link to the script.
“MagicPussy” doesn’t sound that bad. 😏
Something something “my worm”
Very poor title, like someone’s just got their “Big Book of Clickbait”
Everything is under attack all the time, and everything is never-before-seen until it’s seen.
I love how in security, we have gone from “use strong passwords” to “don’t make your own passwords”, because people will just refuse to learn.
What are you talking about, “Hunter2!” is a fantastic password. It has a capital letter, a number, a special character, and is 8+ characters long, so it works for my bank accounts. What more could you want!
Seriously though, just use a password manager. It’s easier than trying to find a password that works everywhere, and easier than trying to remember a bunch of different (but probably very similar) passwords. I just remember 3 passwords: password manager, email (for password recovery if the password manager goes down), computer login. That’s it, and I have well over a hundred accounts.