bsdjunkie
October 18th, 2004, 16:32
Looks like someone has too much time on their hands ;)


Oct 18 15:45:21 solace sshd[11071]: Failed password for root from 67.164.6.153 port 33807 ssh2
Oct 18 15:45:21 solace sshd[11071]: Received disconnect from 67.164.6.153: 11: Bye Bye
Oct 18 15:45:22 solace sshd[25811]: Failed password for root from 67.164.6.153 port 33835 ssh2
Oct 18 15:45:22 solace sshd[3593]: Failed password for root from 67.164.6.153 port 33835 ssh2
Oct 18 15:45:22 solace sshd[25811]: Received disconnect from 67.164.6.153: 11: Bye Bye
Oct 18 15:45:24 solace sshd[16375]: Failed password for root from 67.164.6.153 port 33864 ssh2
Oct 18 15:45:24 solace sshd[11608]: Failed password for root from 67.164.6.153 port 33864 ssh2
Oct 18 15:45:24 solace sshd[16375]: Received disconnect from 67.164.6.153: 11: Bye Bye
Oct 18 15:45:25 solace sshd[28896]: Failed password for root from 67.164.6.153 port 34292 ssh2
Oct 18 15:45:25 solace sshd[13711]: Failed password for root from 67.164.6.153 port 34292 ssh2
Oct 18 15:45:25 solace sshd[28896]: Received disconnect from 67.164.6.153: 11: Bye Bye
Oct 18 15:45:27 solace sshd[30597]: Invalid user rolo from 67.164.6.153
Oct 18 15:45:27 solace sshd[1659]: input_userauth_request: invalid user rolo
Oct 18 15:45:27 solace sshd[1659]: Failed password for invalid user rolo from 67.164.6.153 port 34316 ssh2
Oct 18 15:45:27 solace sshd[30597]: Failed password for invalid user rolo from 67.164.6.153 port 34316 ssh2
Oct 18 15:45:27 solace sshd[1659]: Received disconnect from 67.164.6.153: 11: Bye Bye
Oct 18 15:45:28 solace sshd[4653]: Invalid user iceuser from 67.164.6.153
Oct 18 15:45:28 solace sshd[29088]: input_userauth_request: invalid user iceuser
Oct 18 15:45:28 solace sshd[29088]: Failed password for invalid user iceuser from 67.164.6.153 port 34342 ssh2
Oct 18 15:45:28 solace sshd[4653]: Failed password for invalid user iceuser from 67.164.6.153 port 34342 ssh2
Oct 18 15:45:28 solace sshd[29088]: Received disconnect from 67.164.6.153: 11: Bye Bye
Oct 18 15:45:29 solace sshd[9768]: Invalid user horde from 67.164.6.153
Oct 18 15:45:29 solace sshd[6900]: input_userauth_request: invalid user horde
Oct 18 15:45:29 solace sshd[9768]: Failed password for invalid user horde from 67.164.6.153 port 34363 ssh2
Oct 18 15:45:29 solace sshd[6900]: Failed password for invalid user horde from 67.164.6.153 port 34363 ssh2
Oct 18 15:45:30 solace sshd[6900]: Received disconnect from 67.164.6.153: 11: Bye Bye
Oct 18 15:45:34 solace sshd[3843]: Invalid user cyrus from 67.164.6.153
Oct 18 15:45:34 solace sshd[10355]: input_userauth_request: invalid user cyrus
Oct 18 15:45:34 solace sshd[3843]: Failed password for invalid user cyrus from 67.164.6.153 port 34782 ssh2
Oct 18 15:45:34 solace sshd[10355]: Failed password for invalid user cyrus from 67.164.6.153 port 34782 ssh2
Oct 18 15:45:34 solace sshd[10355]: Received disconnect from 67.164.6.153: 11: Bye Bye
Oct 18 15:45:35 solace sshd[15704]: Failed password for www from 67.164.6.153 port 35258 ssh2
Oct 18 15:45:35 solace sshd[24144]: Failed password for www from 67.164.6.153 port 35258 ssh2
Oct 18 15:45:35 solace sshd[15704]: Received disconnect from 67.164.6.153: 11: Bye Bye
Oct 18 15:45:36 solace sshd[9889]: Invalid user wwwrun from 67.164.6.153
Oct 18 15:45:36 solace sshd[10883]: input_userauth_request: invalid user wwwrun
Oct 18 15:45:36 solace sshd[10883]: Failed password for invalid user wwwrun from 67.164.6.153 port 35285 ssh2
Oct 18 15:45:36 solace sshd[9889]: Failed password for invalid user wwwrun from 67.164.6.153 port 35285 ssh2
Oct 18 15:45:36 solace sshd[10883]: Received disconnect from 67.164.6.153: 11: Bye Bye
Oct 18 15:45:38 solace sshd[13840]: Invalid user matt from 67.164.6.153
Oct 18 15:45:38 solace sshd[14821]: input_userauth_request: invalid user matt
Oct 18 15:45:38 solace sshd[14821]: Failed password for invalid user matt from 67.164.6.153 port 35306 ssh2
Oct 18 15:45:38 solace sshd[13840]: Failed password for invalid user matt from 67.164.6.153 port 35306 ssh2
Oct 18 15:45:38 solace sshd[14821]: Received disconnect from 67.164.6.153: 11: Bye Bye
Oct 18 15:45:39 solace sshd[11687]: Invalid user test from 67.164.6.153
Oct 18 15:45:39 solace sshd[15697]: input_userauth_request: invalid user test
Oct 18 15:45:39 solace sshd[15697]: Failed password for invalid user test from 67.164.6.153 port 35330 ssh2
Oct 18 15:45:39 solace sshd[11687]: Failed password for invalid user test from 67.164.6.153 port 35330 ssh2
Oct 18 15:45:39 solace sshd[15697]: Received disconnect from 67.164.6.153: 11: Bye Bye
Oct 18 15:45:40 solace sshd[16012]: Invalid user test from 67.164.6.153
Oct 18 15:45:40 solace sshd[1351]: input_userauth_request: invalid user test
Oct 18 15:45:40 solace sshd[1351]: Failed password for invalid user test from 67.164.6.153 port 35754 ssh2
Oct 18 15:45:40 solace sshd[16012]: Failed password for invalid user test from 67.164.6.153 port 35754 ssh2
Oct 18 15:45:41 solace sshd[1351]: Received disconnect from 67.164.6.153: 11: Bye Bye
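
An added example, not part of the original post: a small Python summarizer for sshd lines in the format shown above. It counts each attempt once even though the log records it under two PIDs, then flags sources by burst rate. The sample lines are constructed (documentation addresses, made-up host and PIDs), the function names are hypothetical, and the year is assumed because syslog timestamps omit it.

```python
import re
from collections import defaultdict
from datetime import datetime

FAILED = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: Failed password "
                    r"for (invalid user )?(\S+) from (\S+) port (\d+) ssh2$")

# Constructed sample lines, modelled on the format in the post above.
SAMPLE = """\
Oct 18 15:45:22 host sshd[101]: Failed password for root from 203.0.113.7 port 40002 ssh2
Oct 18 15:45:22 host sshd[102]: Failed password for root from 203.0.113.7 port 40002 ssh2
Oct 18 15:45:24 host sshd[103]: Invalid user test from 203.0.113.7
Oct 18 15:45:24 host sshd[104]: Failed password for invalid user test from 203.0.113.7 port 40003 ssh2
Oct 18 15:45:24 host sshd[103]: Failed password for invalid user test from 203.0.113.7 port 40003 ssh2
Oct 18 15:45:25 host sshd[105]: Failed password for invalid user horde from 203.0.113.7 port 40004 ssh2
Oct 18 15:50:00 host sshd[106]: Failed password for alice from 198.51.100.9 port 50000 ssh2
""".splitlines()

def distinct_attempts(lines):
    attempts = {}
    for line in lines:
        m = FAILED.match(line.strip())
        if m:
            ts, invalid, user, ip, port = m.groups()
            # Same (ip, port, user) under two PIDs is one attempt: keep the first.
            attempts.setdefault((ip, port, user), (ts, bool(invalid)))
    return attempts

def max_burst(times, window_s):
    times, best, lo = sorted(times), 0, 0
    for hi, t in enumerate(times):
        while (t - times[lo]).total_seconds() > window_s:
            lo += 1
        best = max(best, hi - lo + 1)  # attempts inside the sliding window
    return best

def flag_sources(lines, min_attempts=3, window_s=60, year=2004):
    by_ip = defaultdict(list)
    for (ip, _port, user), (ts, invalid) in distinct_attempts(lines).items():
        when = datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S")
        by_ip[ip].append((when, user, invalid))
    flagged = {}
    for ip, recs in by_ip.items():
        burst = max_burst([r[0] for r in recs], window_s)
        if burst >= min_attempts:
            flagged[ip] = {"burst": burst,
                           "users": sorted({r[1] for r in recs}),
                           "invalid": sorted({r[1] for r in recs if r[2]})}
    return flagged
```

Keying on the source port is a simplification that suits a short capture; over a long log the same port can recur, so a time bound on the key would be needed.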

oxtan
October 18th, 2004, 16:39
That appears to be a virus. I do not have a link handy, but I've seen this for a few weeks already in my logs. Nothing to worry about.

Atlas
October 18th, 2004, 17:07
See this thread on Full-Disclosure mailing list:
http://lists.netsys.com/pipermail/full-disclosure/2004-July/024340.html

There is a follow-up thread currently in progress...

bsdjunkie
October 18th, 2004, 17:39
Ok, I probably should have noted up above that I already knew what this is from. =P Been reading about it for over a month now, I just found it funny that this is the first time I'm seeing it in my logs after all this time.

Atlas
October 18th, 2004, 21:26
Ahhh, should've guessed. =)