ALERT! A DANGEROUS NEW WORM IS SPREADING ON THE INTERNET
ALERT! A DANGEROUS NEW WORM IS SPREADING ON THE INTERNET March 23, 2001 7:00 AM Late last night, the SANS Institute (through its Global Incident Analysis Center) uncovered a dangerous new worm that appears to be spreading rapidly across the Internet. It scans the Internet looking for Linux computers with a known vulnerability. It infects the vulnerable machines, steals the password file (sending it to a China.com site), installs other hacking tools, and forces the newly infected machine to begin scanning the Internet looking for other victims. Several experts from the security community worked through the night to decompose the worm's code and engineer a utility to help you discover if the Lion worm has affected your organization. Updates to this announcement will be posted at the SANS web site, http://www.sans.org -- -- ----/ / _ Fred A. Miller ---/ / (_)__ __ ____ __ Systems Administrator --/ /__/ / _ \/ // /\ \/ / Cornell Univ. Press Services -/____/_/_//_/\_,_/ /_/\_\ fm@cupserv.org
yeah. real dangerous. Like most worms it relies on people to have not installed
vendor supplied security updates that are not exactly new. Of course there is a
huge number of such administrators, and chances are if they haven't updated
their bind software they aren't security concious enough to be on this list (or
any list for that matter). Sigh.
Kurt Seifried, seifried@securityportal.com
Securityportal - your focal point for security on the 'net
----- Original Message -----
From: "Fred A. Miller"
ALERT! A DANGEROUS NEW WORM IS SPREADING ON THE INTERNET
March 23, 2001 7:00 AM
Late last night, the SANS Institute (through its Global Incident Analysis Center) uncovered a dangerous new worm that appears to be spreading rapidly across the Internet. It scans the Internet looking for Linux computers with a known vulnerability. It infects the vulnerable machines, steals the password file (sending it to a China.com site), installs other hacking tools, and forces the newly infected machine to begin scanning the Internet looking for other victims.
Several experts from the security community worked through the night to decompose the worm's code and engineer a utility to help you discover if the Lion worm has affected your organization.
Updates to this announcement will be posted at the SANS web site, http://www.sans.org
-- -- ----/ / _ Fred A. Miller ---/ / (_)__ __ ____ __ Systems Administrator --/ /__/ / _ \/ // /\ \/ / Cornell Univ. Press Services -/____/_/_//_/\_,_/ /_/\_\ fm@cupserv.org
--------------------------------------------------------------------- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
On Friday 23 March 2001 20:38, Fred A. Miller wrote:
ALERT! A DANGEROUS NEW WORM IS SPREADING ON THE INTERNET
Are you referring to the "FredMillerrandomlypostsnewssnippetstosecuritymailinglists" Worm, which attacks SuSE-Security from time to time? Please, your "news service" is already being offered by sites like securityportal / securityfocus etc. Regards Martin -- Martin Leweling Institut fuer Planetologie, WWU Muenster Wilhelm-Klemm-Str. 10, 48149 Muenster, Germany Tel.: +49-251-83-33557 Fax: +49-251-83-39083 E-Mail (work): lewelin@uni-muenster.de
Martin Leweling
On Friday 23 March 2001 20:38, Fred A. Miller wrote:
ALERT! A DANGEROUS NEW WORM IS SPREADING ON THE INTERNET
Are you referring to the "FredMillerrandomlypostsnewssnippetstosecuritymailinglists" Worm, which attacks SuSE-Security from time to time?
Please, your "news service" is already being offered by sites like securityportal / securityfocus etc.
Martin, it is true that securityportal already offered this, but do you really think that _all_ the people that are subscribed to suse-security are subscribed to all the other security related mailing lists, too? I think it's better to read such news twice than never. Martin -- martin.peikert@innominate.com dipl.-math. innominate AG system engineer the linux architects tel: +49-30-308806-0 fax: -77 http://www.innominate.com
* Martin Peikert
ALERT! A DANGEROUS NEW WORM IS SPREADING ON THE INTERNET Please, your "news service" is already being offered by sites like securityportal / securityfocus etc. it is true that securityportal already offered this, but do you really think that _all_ the people that are subscribed to suse-security are subscribed to all the other security related mailing lists, too?
Not to all, but to those that are relevant for them. And if they are kind and nice they will post relevant issues to relevant mailinglists.
I think it's better to read such news twice than never. but it's never twice.
I've got the above warning on (at least) 7 different mailinglists, and more than likely a few more will follow. We didn;t get hit by the Melissa or I love you virus, but company wide, we received over 300 warning emails about both. All from welland kind people who should have known better. Currently listening to: 02eulogy Gerhard, [@jasongeo.com] == The Acoustic Motorbiker == -- __O twas brillig, and the slithy toves, =`\<, did gyre and gimbel in the wabe, (=)/(=) all mimsy were the borogoves, and the momeraths outgrabe.
participants (5)
-
Fred A. Miller -
Gerhard den Hollander -
Kurt Seifried -
Martin Leweling -
Martin Peikert