A server-based botnet that preys on insecure websites is flooding the net with attacks that attempt to guess the login credentials for secure shells protecting Linux boxes, routers, and other network devices.
According to multiple security blogs, the bot compromises websites running outdated versions of phpMyAdmin. By exploiting a vulnerability patched in April, the bot installs a file called dd_ssh, which trawls the net for devices protected by the SSH protocol.

The link for this article located at The Register UK is no longer available.