
Re: "Linux VIRUS!!!"


This is making news today in the linux world.

For those who are not aware what it is...

1) It's suspected that some script kiddies generated it.
2) It uses known and patched RPC and wu-ftpd vulnerabilities. All of us should thank Binand/Suresh etc. for promoting pro-ftpd, which is more secure.
3) The worm does not appear harmful.
4) It specifically targets RHL 6.2/6.7
5) It has very fast scanning capacity. Reportedly it can scan a B class network of around 130,000 IPs in a mere 15 minutes. (Kudos to the ISP of that machine. Do that with VSNL, I challenge)
6) All it means

   1) Shut down any unneeded services
   2) Update all daemons running periodically.
   3) Pay attention to what Raju posts under the name of security.
   4) Learn something about LIDS/bastille linux/LOMAC etc. and deploy it. Now.


shubhendu wrote:

> Dear friends,
> I encountered this worm yesterday when a nearby cyber cafe man
> complained about his system being hacked.
> The worm has done the following things:
> 1. it has created a dir .poop in /usr/src having around 20 to 25 files
> 2. the worm has changed following files
>     all the index.html files were changed to its own index.html file
>     saying something as hackers love nooooooooooodules