[Subject Prev][Subject Next][Thread Prev][Thread Next][Subject Index][Thread Index]

FW: New Linux Worm

To: "'linux-delhi@xxxxxxxxxxxxxxxxxxxxx'" <linux-delhi@xxxxxxxxxxxxxxxxxxxxx>
Subject: FW: New Linux Worm
From: Puneet Parashar <puneet_parashar@xxxxxxxx>
Date: Wed, 4 Apr 2001 11:35:19 +0530

Hi

got this from a friend
cant make much of it
hope it makes some sense to you and may be useful...if so please let me know
read on:

-----Original Message-----
Sent: Wednesday, April 04, 2001 2:03 AM
Subject: New Linux Worm


This worm is basicly a worm that exploits all the
stuff we've seen in all the latest worms(lpd, statd,
wu-ftp 2.6.0 and bind ).  it does add some things to
it.  One of the main signs is that it backdoors
/bin/ps and moves the old one to /usr/bin/adore.  It
all mv /etc/cron.daily/0anacron to 0anacron-bak and
replaces it with a script to start the scanning for
all 4 exploits, rm's it's self after a day, and emails
a copy of the system's ip and the logs of the scans to

adore9000@xxxxxxxx
and
adore9000@xxxxxxxx

I haven't looked very much at it but if you've updated
your machines since the last bind hole you should be
fine.

Prev by Subject: Re: Need RH 6.2 or Red Hat 7.0
Next by Subject: New Linux worm: 'Adore' makes its appearance Article by Robert Lemos, ZDNN, 05 April 2001
Previous by thread: Re: Dangerous bug in IE
Next by thread: Re: X problem
Index(es):
- Subject
- Thread