On Sun, 08 Apr 2001, Rajkumar Andrews spewed into the ether:
> The Ramen, Lion and Adore worms can paralyse work -- but will not
> destroy any data. They generally replace system binaries (e.g.
> finger, ifconfig, et al) found in the /usr/sbin or /bin directories
> with their own versions [which will make system administrators go
> crazy!]
<sarcasm>
Right, I'm going to trust a system with changed binaries, possible root
shells and worse not to touch my data.
</sarcasm>
Adore is a lot worse because it has an LKM which hides processes. It was
discovered because on some machine the skript kiddie couldn't get the
LKM to compile properly.
Which implies that if your system got hit by this, you wouldn't know if
any files were modified (not even tripwire can bypass the kernel and
system calls).
To prevent damage:
Keep your software updated
Recompile your kernel without module support
man chattr
Devdas Bhagat
--
May your camel be as swift as the wind.
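
An added example, not part of the original message: a shell sketch that audits the last two steps in the list above (module loading and `chattr +i` on system binaries). The function names, the optional proc-directory argument, and the sample `lsattr` output are constructed for illustration; it assumes a kernel that exposes `/proc/sys/kernel/modules_disabled`.

```shell
#!/bin/sh
# Added example: audit module support and immutable flags on system binaries.
# Function names and the optional procdir argument are hypothetical.

# Report whether this kernel can still load modules.
# $1: proc mount point (default /proc); overridable so it can be tested.
module_support_status() {
    procdir="${1:-/proc}"
    if [ ! -e "$procdir/modules" ]; then
        # No /proc/modules: kernel was built without loadable module support.
        echo "no-module-support"
    elif [ "$(cat "$procdir/sys/kernel/modules_disabled" 2>/dev/null)" = "1" ]; then
        # Module support compiled in, but loading is locked until reboot.
        echo "loading-disabled"
    else
        echo "loading-enabled"
    fi
}

# Read `lsattr` output on stdin; print paths whose flag field lacks 'i'
# (the immutable attribute set by `chattr +i`).
not_immutable() {
    awk 'NF >= 2 && $1 !~ /i/ { sub(/^[^ ]+[ ]+/, ""); print }'
}

# Constructed sample of lsattr output, for trying the filter offline.
sample_lsattr() {
    cat <<'EOF'
----i---------e------- /bin/ls
--------------e------- /bin/ps
----i---------e------- /usr/sbin/ifconfig
--------------e------- /usr/bin/finger
EOF
}

# Live audit of the directories the worms are said to tamper with.
audit() {
    echo "module support: $(module_support_status)"
    for dir in /bin /sbin /usr/bin /usr/sbin; do
        if [ -d "$dir" ]; then
            lsattr "$dir" 2>/dev/null | not_immutable
        fi
    done
}

if [ "${1:-}" = "--audit" ]; then audit; fi
```

Run it with `--audit` from a known-clean boot: a module that is already loaded can falsify what `lsattr` and `/proc` report, which is the same limitation the message describes for tripwire.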