Security: Linux/BIND worm on the loose
Daniel R. Kilbourne
drk@voyager.net
Fri, 23 Mar 2001 16:19:58 -0500
fscking pathetic... another exploit for a 3-month-old known issue...
Edward Glowacki extolled:
> Information is available at http://www.sans.org/y2k/lion.htm.
> Somehow my email copy of this advisory deleted itself (not sure
> how that happened, went to forward it to the list, aborted for a
> second to look at something else, came back and it was gone...),
> so I'll quickly summarize for you:
>
> The worm infects Linux boxen running BIND.
> It sends your password files away.
> It turns off syslog.
> It starts some servers to provide back doors into your system.
> It installs a rootkit that replaces many binaries on your system.
>
> Follow the link above for the complete story. If you're running
> a name server on any of your Linux boxes, it's time to make sure
> BIND is up to date and that you haven't already been infected.
>
> --
> Edward Glowacki glowack2@msu.edu
> Michigan State University
--
--------------------------------
Daniel R. Kilbourne
daniel.kilbourne@voyager.net
Network Engineering
CoreComm - Formerly Voyager.net
________________________________