[NTLUG:Discuss] [Fwd: SANS Detects Dangerous Linux Worm]
MadHat
madhat at unspecific.com
Tue Mar 27 09:31:49 CST 2001
This is a varient of the t0rn root kit (for hiding itself) with some
features of a worm (self propagating). I have seen a lot of people report
it and I was scanned by it and helped the other victim find it. It is
real, but I am not sure how wide spread it is.
if you want to know if you have been hit by a root kit and some worms, be
sure and check out http://www.chkrootkit.org/ for a tool that will search
your system for signs of being rooted.
At 09:26 PM 3/26/2001 -0600, Greg Edwards wrote:
>Internet Week wrote:
> > ***************************************************
> > SANS Detects Dangerous Linux Worm
> >
> > The SANS Institute's Global Incident Analysis Center uncovered a dangerous
> > new worm Friday that appears to be spreading across the Internet.
> >
> > The Lion worm scans the Internet looking for Linux computers with a known
> > vulnerability. The worm then steals the password file, sending it to a
> > China.com site. The worm reportedly installs other hacking tools and forces
> > the infected machine to scan the Internet looking for other victims,
> > according to SANS security experts. The worm also kills the syslogd file
> > so the logging on the system can't be trusted. --Rutrell Yasin
> >
> > Read about how to detect the worm:
> > http://update.internetweek.com/cgi-bin4/flo?y=eC8T0BiYgt0V30MBeL
> >
>
>Anyone come across a system hit by this? Is this a real threat or hype?
>
>--
>Greg Edwards <greg at nas-inet.com>
>_______________________________________________
>http://ntlug.org/mailman/listinfo/discuss
--
MadHat at unspecific.com
More information about the Discuss
mailing list