[Subject Prev][Subject Next][Thread Prev][Thread Next][Subject Index][Thread Index]
Re: New Worm
Which all distribution can get affected? How can patched be applied. What
are the preventive steps to combat a Worm??
----- Original Message -----
Sent: Saturday, April 14, 2001 2:00 PM
Subject: [linux-delhi] New Worm
> Dangerous New Worm Spreading on the Internet, Affecting Linux Systems
> On March 22, the SANS Institute (through its Global Incident Analysis
> Center) uncovered a dangerous new worm that appears to be spreading
> across the Internet. It scans the Internet looking for Linux computers
> with a known vulnerability. It infects the vulnerable machines, steals the
> password file (sending it to a China.com site), installs other hacking
> tools, and forces the newly infected machine to begin scanning the
> looking for other victims.
> The Lion worm is similar to the Ramen worm. However, this worm is
> significantly more dangerous and should be taken very seriously. It
> infects Linux machines running the BIND DNS server. It is known to infect
> bind version(s) 8.2, 8.2-P1, 8.2.1, 8.2.2-Px, and all 8.2.3-betas. The
> specific vulnerability used by the worm to exploit machines is the TSIG
> vulnerability that was reported on January 29, 2001.
> At this time, the Lionfind detection utility is not able to remove the
> virus from the system. If and when an updated version becomes available
> (and SANS expects to provide one), an announcement will be made at the
> For full details on the story from the SANS website, go to:
> To download a utility called Lionfind that will detect the Lion files on
> infected system, go to: http://www.sans.org/y2k/lionfind-0.1.tar.gz
> This message is for the designated recipient only and may contain
> privileged or confidential information. If you have received it in error,
> please notify the sender immediately and delete the original. Any other
> use of the email by you is prohibited.
> An alpha version of a web based tool to manage
> your subscription with this mailing list is at
Do You Yahoo!?
Get your free @yahoo.com address at http://mail.yahoo.com