
Re: New Worm



Which distributions can be affected? How can patches be applied? What
are the preventive steps to combat a worm?

Lokesh
----- Original Message -----
From: <rajan.sachdeva@xxxxxxxxxxxxx>
To: <linux-delhi@xxxxxxxxxxxxxxxxxxxxx>
Sent: Saturday, April 14, 2001 2:00 PM
Subject: [linux-delhi] New Worm


>
> FYI
>
> Dangerous New Worm Spreading on the Internet, Affecting Linux Systems
>
> On March 22, the SANS Institute (through its Global Incident Analysis
> Center) uncovered a dangerous new worm that appears to be spreading rapidly
> across the Internet.  It scans the Internet looking for Linux computers
> with a known vulnerability. It infects the vulnerable machines, steals the
> password file (sending it to a China.com site), installs other hacking
> tools, and forces the newly infected machine to begin scanning the Internet
> looking for other victims.
>
> The Lion worm is similar to the Ramen worm. However, this worm is
> significantly more dangerous and should be taken very seriously.  It
> infects Linux machines running the BIND DNS server.  It is known to infect
> bind version(s) 8.2, 8.2-P1, 8.2.1, 8.2.2-Px, and all 8.2.3-betas. The
> specific vulnerability used by the worm to exploit machines is the TSIG
> vulnerability that was reported on January 29, 2001.
>
> At this time, the Lionfind detection utility is not able to remove the
> virus from the system.  If and when an updated version becomes available
> (and SANS expects to provide one), an announcement will be made at the SANS
> site.
>
> For full details on the story from the SANS website, go to:
> http://www.sans.org/y2k/lion.htm
>
> To download a utility called Lionfind that will detect the Lion files on an
> infected system, go to: http://www.sans.org/y2k/lionfind-0.1.tar.gz
>