yeah. real dangerous. Like most worms it relies on people to have not installed
vendor supplied security updates that are not exactly new. Of course there is a
huge number of such administrators, and chances are if they haven't updated
their bind software they aren't security concious enough to be on this list (or
any list for that matter). Sigh.
Kurt Seifried, seifried@securityportal.com
Securityportal - your focal point for security on the 'net
----- Original Message -----
From: "Fred A. Miller"
ALERT! A DANGEROUS NEW WORM IS SPREADING ON THE INTERNET
March 23, 2001 7:00 AM
Late last night, the SANS Institute (through its Global Incident Analysis Center) uncovered a dangerous new worm that appears to be spreading rapidly across the Internet. It scans the Internet looking for Linux computers with a known vulnerability. It infects the vulnerable machines, steals the password file (sending it to a China.com site), installs other hacking tools, and forces the newly infected machine to begin scanning the Internet looking for other victims.
Several experts from the security community worked through the night to decompose the worm's code and engineer a utility to help you discover if the Lion worm has affected your organization.
Updates to this announcement will be posted at the SANS web site, http://www.sans.org
-- -- ----/ / _ Fred A. Miller ---/ / (_)__ __ ____ __ Systems Administrator --/ /__/ / _ \/ // /\ \/ / Cornell Univ. Press Services -/____/_/_//_/\_,_/ /_/\_\ fm@cupserv.org
--------------------------------------------------------------------- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com