[Subject Prev][Subject Next][Thread Prev][Thread Next][Subject Index][Thread Index]

Re: "Linux VIRUS!!!"

To: linux-india-programmers@xxxxxxxxxxxxxxxxxxxxx
Subject: Re: "Linux VIRUS!!!"
From: Devdas Bhagat <dodobh@xxxxxxxxxxx>
Date: Sat, 20 Jan 2001 08:54:45 +0600
In-reply-to: <Pine.LNX.4.04.10101181724290.19109-100000@xxxxxxxxxxxxxxxxxxxxx>
References: <Pine.LNX.4.04.10101181724290.19109-100000@xxxxxxxxxxxxxxxxxxxxx>
Reply-to: dodobh@xxxxxxxxxxx

On Thu, 18 Jan 2001, shubhendu spewed into the ether:
> dear friends
> so for those infected with this worm
>
> check y'r all the configuration files for mdification time and the
> one stated above as hacker have created some loopholes that can be
> used later
A very detailed fix for this is listed on securityfocus.
IIRC,
remove /usr/src/.poop
rm -f /sbin/asp
You have to remove one line from /etc/rc.d/rc.sysinit placed by the worm
Two new services are added to /etc/rc.d/init.d/
Remove those.
The worm also adds anonymous and ftp to your /etc/ftpusers file.

Temporary fix to avoid getting infected:
Do not allow anonymous ftp with wu-ftpd
do not run rpc services (turn off portmapper)

Devdas Bhagat
--
I'm ZIPPY the PINHEAD and I'm totally committed to the festive mode.

References:
- Re: "Linux VIRUS!!!"
  - From: shubhendu

Prev by Subject: Re: "Linux VIRUS!!!"
Next by Subject: RE: "time complexity"
Previous by thread: Re: "Linux VIRUS!!!"
Next by thread: Re: "time complexity"
Index(es):
- Subject
- Thread