
Re: "Linux VIRUS!!!"

Dear friends,

I encountered this worm yesterday when a man at a nearby cyber cafe
complained about his system being hacked.

The worm has done the following things:

1. It has created a dir .poop in /usr/src containing around 20 to 25 files.
2. The worm has changed the following files:

    All the index.html files were changed to its own index.html file,
    saying something like hackers love nooooooooooodules.

    It has put some script in /etc/rc.d/rc.sysinit.

    It adds an asp file in the /sbin dir.

    It has added a service named asp in /etc/inetd.conf
    (seems to be one made by the hacker).

    It adds two new ftp groups in /etc/ftpusers: ftp and anonymous.
    It kills rpc.statd and rpc.rstatd.
    lpd is killed and restarted.

A lot more is done as well, like getting your current IP address, which
might be used for something.

The files in /usr/src/.poop also included a number of binary files that
can't be understood.

So, for those infected with this worm:

Check the modification time of all your configuration files, and of the ones
stated above, as the hacker has created some loopholes that can be used later.

Remove the dir /usr/src/.poop from the system.
Correct me if I'm wrong somewhere.


On Thu, 18 Jan 2001, Deepak Joglekar wrote:

> CNET News.com Alert
> Keywords: Linux
> -----------------------------------------------------------
> Internet worm squirms into Linux servers
> January 17, 2001
> An Internet worm cobbled together from generally available hacking tools has compromised hundreds, perhaps thousands, of Linux servers by using two well-known security flaws in applications set up during the default installation of Red Hat Linux software.
> For more information, see:
> http://news.cnet.com/news/0-1003-201-4508359-0.html
> -- 
> Deepak Joglekar
> joglekar@xxxxxxx
> ----------------
>      /\^/\
>      (o.o)
> --oOo-(_)-oOo--
> ---------------------------------------------
> LIP is all for free speech.  But it was created
> for a purpose.  Violations of the rules of
> this list will result in stern action.
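
A read-only check for the changes listed in the message above, as an added example that is not part of the original post. The paths are the ones the message names; the function names and the 7-day default are assumptions.

```shell
#!/bin/sh
# Added example (not from the original message). Checks a filesystem tree for
# the changes the message lists. Pass the root of a mounted disk image, or /
# for the live system. Nothing is modified or removed.

# Print one line per indicator found under ROOT; return 1 if any were found.
scan_indicators() {
    root="${1%/}"
    found=0
    note() { found=$((found + 1)); printf 'FOUND: %s\n' "$1"; }

    if [ -d "$root/usr/src/.poop" ]; then
        note "/usr/src/.poop directory"
    fi
    if [ -e "$root/sbin/asp" ]; then
        note "/sbin/asp file"
    fi
    # inetd.conf: the service name is the first field of an active line,
    # so commented-out lines are ignored.
    if grep -Eq '^[[:space:]]*asp[[:space:]]' "$root/etc/inetd.conf" 2>/dev/null; then
        note "asp service in /etc/inetd.conf"
    fi
    # ftpusers holds one name per line; the message reports these two added.
    for name in ftp anonymous; do
        if grep -qx "$name" "$root/etc/ftpusers" 2>/dev/null; then
            note "$name entry in /etc/ftpusers"
        fi
    done
    [ "$found" -eq 0 ]
}

# List files under ROOT/etc modified in the last DAYS days (default 7), for
# the manual review of configuration files (rc.sysinit included) that the
# message recommends.
recent_etc_changes() {
    root="${1%/}"
    find "$root/etc" -type f -mtime -"${2:-7}" -print 2>/dev/null
}

# Run as: sh check.sh ROOT [DAYS]
if [ "$#" -gt 0 ]; then
    scan_indicators "$1" || echo "indicators present: review before cleanup"
    recent_etc_changes "$1" "${2:-7}"
fi
```

Running it against a mounted copy of the disk rather than the live system avoids relying on binaries the intruder may have replaced.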