I used a tool that will find/delete worm files and I reinstalled packages
that have been altered/replaced by this liOn worm. It may be easy for me to
install if I have resources to use :(
thanks,
dwen
On Wed, 23 May 2001, Rafael R. Sevilla wrote:
>
> On Wed, 23 May 2001, Jeffrey Wong wrote:
>
> >
> > > It was bind + tOrn ROOTkit exploit, before April 1 I was using bind
> > > 8.2.2-P5 and the fookin WORM got me.
> >
> > > I did upgrade BIND and reinstalled some packages like inetd,
> > > net-tools...etc. to totally erase all trojan files.
> >
> > You only reinstalled some packages?!!!
> >
> > I am a little bit paranoid about these things, you should reinstall
> > everything from scratch.
> >
>
> I agree. Even if these are script kiddies they have ways of hiding
> backdoors here and there. Never be so sure that you got everything until
> you've done a THOROUGH search. There could be setuid programs lurking in
> hidden corners, configuration file changes that make services vulnerable,
> key system programs like login, su, etc... modified to create backdoors.
> It's often infeasible to check for everything, so best practice would be
> to back up all important information (database records, user data, etc.)
> reinstall, and restore. And be sure that EVERYONE changes their
> passwords!
>
> --
> Rafael R. Sevilla <[EMAIL PROTECTED]> +63(2) 8177746 ext. 8311
> Programmer, InterdotNet Philippines +63(917) 4458925
>
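
Added example, not part of the original thread: one way to run the search described above for stray setuid programs and for replaced system programs such as login and su, by comparing a mounted filesystem against a known-good baseline. It assumes the baseline (hashes and setuid/setgid bits) was built from clean install media and that the suspect disk is examined from trusted boot media; the names `audit`, `digest`, `demo` and all sample paths and file contents are constructed for illustration.

```python
import hashlib, os, pathlib, stat, tempfile
SETID = stat.S_ISUID | stat.S_ISGID

def digest(data):
    return hashlib.sha256(data).hexdigest()

def audit(root, baseline):
    # baseline: {relpath: (sha256, setid_bits)}, assumed built from known-good
    # install media, never on the suspect host. Returns sorted (relpath, finding).
    findings, seen = [], set()
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            st = os.lstat(full)  # lstat: do not follow planted symlinks
            if not stat.S_ISREG(st.st_mode):
                continue
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            seen.add(rel)
            bits = st.st_mode & SETID
            if rel not in baseline:
                if bits:  # setuid/setgid file the install never shipped
                    findings.append((rel, "unexpected setuid/setgid"))
                continue
            want_hash, want_bits = baseline[rel]
            with open(full, "rb") as f:
                if digest(f.read()) != want_hash:
                    findings.append((rel, "content modified"))
            if bits != want_bits:
                findings.append((rel, "setuid/setgid bits changed"))
    findings += [(rel, "missing from disk") for rel in set(baseline) - seen]
    return sorted(findings)

def demo():
    # Constructed sample tree: one replaced binary, one setuid file in a hidden dir.
    with tempfile.TemporaryDirectory() as root:
        def put(rel, data, mode):
            path = pathlib.Path(root, rel)
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_bytes(data)
            path.chmod(mode)
        baseline = {"bin/login": (digest(b"login-v1"), 0),
                    "bin/su": (digest(b"su-v1"), stat.S_ISUID)}
        put("bin/login", b"login-trojaned", 0o755)   # replaced system program
        put("bin/su", b"su-v1", 0o4755)              # matches the baseline
        put("usr/lib/.x/sh", b"shell-copy", 0o4755)  # setuid file nobody installed
        return audit(root, baseline)

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

A clean result covers only the files named in the baseline plus any setuid/setgid files; configuration file changes are not checked, so it does not replace the back up, reinstall and restore advice in the thread.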
Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph