Hi got this from a friend cant make much of it hope it makes some sense to you and may be useful...if so please let me know read on: -----Original Message----- Sent: Wednesday, April 04, 2001 2:03 AM Subject: New Linux Worm This worm is basicly a worm that exploits all the stuff we've seen in all the latest worms(lpd, statd, wu-ftp 2.6.0 and bind ). it does add some things to it. One of the main signs is that it backdoors /bin/ps and moves the old one to /usr/bin/adore. It all mv /etc/cron.daily/0anacron to 0anacron-bak and replaces it with a script to start the scanning for all 4 exploits, rm's it's self after a day, and emails a copy of the system's ip and the logs of the scans to [EMAIL PROTECTED] and [EMAIL PROTECTED] I haven't looked very much at it but if you've updated your machines since the last bind hole you should be fine. ------------------------------------------------ The mailing list archives are available at http://lists.linux-india.org/cgi-bin/wilma/linux-delhi
