
FW: New Linux Worm



Hi

Got this from a friend.
Can't make much of it.
Hope it makes some sense to you and may be useful... if so, please let me know.
Read on:

-----Original Message-----
Sent: Wednesday, April 04, 2001 2:03 AM
Subject: New Linux Worm


This worm is basically a worm that exploits all the
stuff we've seen in all the latest worms (lpd, statd,
wu-ftp 2.6.0 and bind).  It does add some things to
it.  One of the main signs is that it backdoors
/bin/ps and moves the old one to /usr/bin/adore.  It
also mv's /etc/cron.daily/0anacron to 0anacron-bak and
replaces it with a script to start the scanning for
all 4 exploits, rm's itself after a day, and emails
a copy of the system's IP and the logs of the scans to

adore9000@xxxxxxxx
and
adore9000@xxxxxxxx

I haven't looked very much at it but if you've updated
your machines since the last bind hole you should be
fine.
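
Added example, not part of the original message: a shell function that checks a filesystem root for the two file indicators the message names, /usr/bin/adore and /etc/cron.daily/0anacron-bak. The function name `adore_check` and its optional root argument are assumptions made for this example; the root argument lets it run against a mounted copy of the disk, since the message says /bin/ps on an affected host is backdoored.

```shell
#!/bin/sh
# Added example: look for the file indicators described in the message above.
# Usage: adore_check [ROOT]
#   ROOT defaults to /; pass a mount point (e.g. a read-only mounted image)
#   to inspect a disk without running the suspect host's own binaries.
# Exit status is the number of indicators found (0 = none).

adore_check() {
    root="${1:-/}"
    root="${root%/}"    # drop a trailing slash so "$root/usr/..." is well formed
    hits=0

    # Indicator 1: the message says the original /bin/ps is moved here.
    p="$root/usr/bin/adore"
    if [ -e "$p" ] || [ -L "$p" ]; then
        echo "FOUND: $p (original ps relocated; /bin/ps should be treated as untrusted)"
        hits=$((hits + 1))
    fi

    # Indicator 2: the message says the original cron job is renamed to this.
    p="$root/etc/cron.daily/0anacron-bak"
    if [ -e "$p" ] || [ -L "$p" ]; then
        echo "FOUND: $p (0anacron replaced; inspect $root/etc/cron.daily/0anacron)"
        hits=$((hits + 1))
    fi

    if [ "$hits" -eq 0 ]; then
        echo "No indicators from the message found under ${root:-/}"
    fi
    return "$hits"
}
```

The message also says the worm removes itself after a day, so a clean result does not rule out an earlier infection on an unpatched host.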