Re: "Linux VIRUS!!!"

On Thu, 18 Jan 2001, shubhendu spewed into the ether:
> dear friends
> so for those infected with this worm
> check all your configuration files for modification time and the
> one stated above, as the hacker has created some loopholes that can be
> used later
A very detailed fix for this is listed on securityfocus.
Remove /usr/src/.poop
rm -f /sbin/asp
You have to remove one line from /etc/rc.d/rc.sysinit placed by the worm.
Two new services are added to /etc/rc.d/init.d/
Remove those.
The worm also adds anonymous and ftp to your /etc/ftpusers file.

Temporary fix to avoid getting infected:
Do not allow anonymous ftp with wu-ftpd.
Do not run RPC services (turn off portmapper).

Devdas Bhagat
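
Added example, not part of the original message: a read-only triage script that looks for the artifacts the reply names and flags the startup files it mentions by modification time. The root-prefix argument (for checking a mounted copy of the disk) and the 30-day look-back window are assumptions; the message does not give the rc.sysinit line or the two service names, so those files are only listed for manual review.

```shell
#!/bin/sh
# Added example: read-only check for the artifacts named in the message.
# Usage: check_worm_artifacts [ROOT] [DAYS]
#   ROOT  path prefix, empty for the live system or e.g. /mnt/image (assumption)
#   DAYS  look-back window for modification times, default 30 (assumption)
# Sets worm_hits to the number of named artifacts found.

check_worm_artifacts() {
    root="${1:-}"
    days="${2:-30}"
    worm_hits=0

    # Paths the message says to remove.
    for p in /usr/src/.poop /sbin/asp; do
        if [ -e "$root$p" ]; then
            echo "FOUND $p"
            worm_hits=$((worm_hits + 1))
        fi
    done

    # Entries the message says are added to ftpusers. These names can also
    # be present on a clean system that denies anonymous ftp, so treat a
    # match as a lead and compare against a backup.
    for u in anonymous ftp; do
        if [ -f "$root/etc/ftpusers" ] && grep -qx "$u" "$root/etc/ftpusers"; then
            echo "FTPUSERS $u"
            worm_hits=$((worm_hits + 1))
        fi
    done

    # rc.sysinit gains one line and init.d gains two services; the message
    # names neither, so list anything changed inside the window for review.
    for f in "$root/etc/rc.d/rc.sysinit" "$root"/etc/rc.d/init.d/*; do
        [ -f "$f" ] || continue
        if [ -n "$(find "$f" -mtime -"$days" 2>/dev/null)" ]; then
            echo "REVIEW ${f#"$root"} (modified within $days days)"
        fi
    done
    echo "SUMMARY $worm_hits named artifact(s) found"
}

check_worm_artifacts "${1:-}" "${2:-30}"
```

Run it as root so every path is readable; it changes nothing on disk.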
