The Hail Mary Cloud: A Widely Distributed, Low Intensity Password Guessing Botnet

The Hail Mary Cloud was a widely distributed, low intensity password guessing botnet that targeted Secure Shell (ssh) servers on the public Internet.

The first activity may have been as early as 2007, our first recorded data start in late 2008. Links to full data and extracts are found in this presentation.

We present the basic behavior and algorithms, and point to possible policies for staying safe(r) from similar present or future attacks.

But first, the devil we knew -