Security: Linux/BIND worm on the loose

Edward Glowacki glowack2@msu.edu
Fri, 23 Mar 2001 15:19:04 -0500


Information is available at http://www.sans.org/y2k/lion.htm.
Somehow my email copy of this advisory deleted itself (not sure
how that happened, went to forward it to the list, aborted for a
second to look at something else, came back and it was gone...),
so I'll quickly summarize for you:

The worm infects Linux boxen running BIND.
It sends your password files away.
It turns off syslog.
It starts some servers to provide back doors into your system.
It installs a rootkit that replaces many binaries on your system.

Follow the link above for the complete story.  If you're running
a name server on any of your Linux boxes, it's time to make sure
BIND is up to date and that you haven't already been infected.

-- 
Edward Glowacki			glowack2@msu.edu
Michigan State University