[Subject Prev][Subject Next][Thread Prev][Thread Next][Subject Index][Thread Index]

Re: "Linux VIRUS!!!"

To: linux-india-help@xxxxxxxxxxxxxxxxxxxxx
Subject: Re: "Linux VIRUS!!!"
From: shubhendu <97co266@xxxxxxxxxxxxxxxxxxxxx>
Date: Thu, 18 Jan 2001 17:47:29 +0530 (IST)
Cc: linux-india-programmers@xxxxxxxxxxxxxxxxxxxxx
In-reply-to: <20010118075746.21ed5919.joglekar@eth.net>

dear friends 

i have incountered with this worm yesterday when a nearby cyber cafe man
complained for his system hack

the worm has done following things 

1. it has created a dir .poop in /usr/src having around 20 to 25 files 
2. the worm has changed following files 

    all the index.html files were changed to its own index.html file
    saying something as hackers love nooooooooooodules 

    it has put some script in /etc/rc.d/rc.sysinit

    it adds  asp file in /sbin dir 

    it has added a service named asp in /etc/inetd.cong  
    (seems to be a one mane by hacker)

    it adds two new ftp groups in /etc/ftpusres : ftp and anonymous
  
    it kills rpc.statd and rpc.rstatd
   
    lpd killed and restarted 
   

a lot more that is done like getting y'r current ip address , might be
user for some thing 

the files in /usr/src/.poop contained no of binary files as well that cant
be understood 

so for those infected with this worm 

check y'r all the configuration files for mdification time and the one
stated above as hacker have created some loopholes that can be used later
 

remove the dir /usr/src/.pooop from the system 
 
correct me if a'm wrong somewhere 

shubh
REC-Surat

On Thu, 18 Jan 2001, Deepak Joglekar wrote:

> 
> CNET News.com Alert
> 
> Keywords: Linux
> -----------------------------------------------------------
> Internet worm squirms into Linux servers
> January 17, 2001
> 
> An Internet worm cobbled together from generally available hacking tools has compromised hundreds, perhaps thousands, of Linux servers by using two well-known security flaws in applications set up during the default installation of Red Hat Linux software.
> 
> For more information, see:
> http://news.cnet.com/news/0-1003-201-4508359-0.html
> 
> 
> -- 
> Deepak Joglekar
> joglekar@xxxxxxx
> ----------------
>      /\^/\
>      (o.o)
> --oOo-(_)-oOo--
> 
> ---------------------------------------------
> LIP is all for free speech.  But it was created
> for a purpose.  Violations of the rules of
> this list will result in stern action.
> 
\\\\\\\\\\\\\\\

Follow-Ups:
- Re: "Linux VIRUS!!!"
  - From: Shridhar Daithankar
- Re: "Linux VIRUS!!!"
  - From: Devdas Bhagat

References:
- Re: "Linux VIRUS!!!"
  - From: Deepak Joglekar

Prev by Subject: Re: "Linux VIRUS!!!"
Next by Subject: Re: "Linux VIRUS!!!"
Previous by thread: Re: "Linux VIRUS!!!"
Next by thread: Re: "Linux VIRUS!!!"
Index(es):
- Subject
- Thread