[Subject Prev][Subject Next][Thread Prev][Thread Next][Subject Index][Thread Index]

Re: New Worm

Which all distribution can get affected? How can patched be applied. What
are the preventive steps to combat a Worm??

----- Original Message -----
From: <rajan.sachdeva@xxxxxxxxxxxxx>
To: <linux-delhi@xxxxxxxxxxxxxxxxxxxxx>
Sent: Saturday, April 14, 2001 2:00 PM
Subject: [linux-delhi] New Worm

> Dangerous New Worm Spreading on the Internet, Affecting Linux Systems
> On March 22, the SANS Institute (through its Global Incident Analysis
> Center) uncovered a dangerous new worm that appears to be spreading
> across the Internet.  It scans the Internet looking for Linux computers
> with a known vulnerability. It infects the vulnerable machines, steals the
> password file  (sending it to a China.com site), installs other hacking
> tools, and forces the newly infected machine to begin scanning the
> looking for other victims.
> The Lion worm is similar to the Ramen worm. However, this worm is
> significantly more dangerous and should be taken very seriously.  It
> infects Linux machines running the BIND DNS server.  It is known to infect
> bind version(s) 8.2, 8.2-P1, 8.2.1, 8.2.2-Px, and all 8.2.3-betas. The
> specific vulnerability used by the worm to exploit machines is the TSIG
> vulnerability that was reported on January 29, 2001.
> At this time, the Lionfind detection utility is not able to remove the
> virus from the system.  If and when an updated version becomes available
> (and SANS expects to provide one), an announcement will be made at the
> site.
> For full details on the story from the SANS website, go to:
> http://www.sans.org/y2k/lion.htm
> To download a utility called Lionfind that will detect the Lion files on
> infected system, go to: http://www.sans.org/y2k/lionfind-0.1.tar.gz
> This message is for the designated recipient only and may contain
> privileged or confidential information.  If you have received it in error,
> please notify the sender immediately and delete the original.  Any other
> use of the email by you is prohibited.
> ------------------------------------------------
> An alpha version of a web based tool to manage
> your subscription with this mailing list is at
> http://lists.linux-india.org/cgi-bin/mj_wwwusr

Do You Yahoo!?
Get your free @yahoo.com address at http://mail.yahoo.com