Noticed 40+ SSH attempts to a FreeNas server from a PC running Avast Free. Assuming the worse and that the PC had been compromised I air gaped the PC from the network to see if it could be recovered.
After a couple of hours of frantic digging and antivirus scans it looks like the Avast Wi-Fi inspector is basically preforming a dictionary attack of default passwords on all network devices. Has anyone else noticed this before?
Information on the Avast website is vague with what security checks the scanner does but within seconds of starting the scan manually I can see SSH attempts again so reasonably sure this is Avast.
Any info on this would be great.