Re: [SLUG] Re: Linux Virus Protection? [was: http://www.newsforge.com/article.pl?sid=02/02/08/231223]

From: Bill (selinux@home.com)
Date: Sat Feb 09 2002 - 13:12:03 EST


On Friday 08 February 2002 22:20, you wrote:
> This is a worm that attempts to insert itself onto systems running
> Red Hat Linux 6.2 and 7.x, and possibly other System V-based
> Linux versions, that have ...

> doc

reading on, we find:

"... already been compromised by any other backdoor that has root privileges.
It then attempts to remove any other backdoor Trojans on that system, and
then tries to spread itself to other similar system across the Internet. "

"This worm searches the Internet for System V-based Linux systems that have
been compromised by a backdoor Trojan that may have gained root access. It
then remotely launches a module that starts a shell script named
w0rmstart.sh. This script attempts to download a compressed file that
contains several different components. These components build a stealth tool
that helps to hide the worm, configures anonymous FTP on the system, removes
any other backdoor Trojans that it finds in /etc/inetd.conf, and then begins
searching other IP addresses for other similar Linux system on the Internet."

So, what it does is traverse the uncharted reaches of the internet looking
for Linux boxes to help?

Scary stuff, indeed! Can you imagine all the mayhem and consternation it
would cause if someone wrote a similar worm that went around patching up
behind Nimda or Code Red (I,II,III,IV,V) or Sircam or any of the other
viruses that line the pockets of Symantec, McAfee, Norton & Solomon? No
wonder they want to get rid of hijacker as fast as possible! :-)

I don't want hijacker on my system, either ... but if I had to choose between
it and some other rootkit ... well, it's not a tough decision. :-)

Bill
 

-- 
We're sorry, but due to ongoing security concerns, we no longer accept e-mail 
attachments created by Microsoft applications. Please accept our apologies for
any inconvenience. -- Staff & Management
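
The advisory quoted in the message above says the worm removes other backdoor entries it finds in /etc/inetd.conf. As an added example (not part of the original post or the quoted advisory), this is one way an administrator could audit that file for a common form of such an entry, a listener whose server program is a shell. The shell list, the function names and the sample file are assumptions constructed for illustration.

```python
import os

# Assumed list: interpreters that should never be an inetd server program.
SHELLS = {"sh", "bash", "ash", "csh", "tcsh", "ksh", "zsh"}

# Constructed sample inetd.conf, not taken from a real system.
SAMPLE = """\
# constructed sample
ftp     stream  tcp  nowait  root       /usr/sbin/tcpd  in.ftpd -l -a
telnet  stream  tcp  nowait  root       /usr/sbin/tcpd  in.telnetd
#ingreslock stream tcp nowait root /bin/sh sh -i
ingreslock stream tcp nowait root       /bin/sh         sh -i
courier stream  tcp  nowait  root.root  /usr/sbin/tcpd  /bin/bash -i
echo    stream  tcp  nowait  root       internal
"""

def parse_inetd(text):
    """Yield (lineno, entry) for each active entry in inetd.conf text.

    Fields: service socket proto wait user server_program [args...]
    """
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank or commented-out entry
        fields = line.split()
        if len(fields) < 6:
            continue  # too short to be a service entry
        yield lineno, {
            "service": fields[0],
            # the user field may carry a group: user.group or user:group
            "user": fields[4].replace(":", ".").split(".")[0],
            "program": fields[5],
            "args": fields[6:],
        }

def find_shell_listeners(text):
    """Return (lineno, service, user) for entries that hand a socket to a shell."""
    findings = []
    for lineno, entry in parse_inetd(text):
        # With tcpd as the wrapper, the real program is the first argument.
        candidates = [entry["program"]] + entry["args"][:1]
        if any(os.path.basename(c) in SHELLS for c in candidates):
            findings.append((lineno, entry["service"], entry["user"]))
    return findings

if __name__ == "__main__":
    for lineno, service, user in find_shell_listeners(SAMPLE):
        print(f"line {lineno}: service '{service}' runs a shell as {user}")
```
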


