On Tue, 3 Apr 2001, Mitchell Henderson blurted out:
MH>Hi,
MH> I don't know if you could call it new, it's really a combo of
MH>everything that we've seen as of late. it exploits bind, lpd,
MH>statd, and wu-ftp 2.6.0 . The basic signs are that it replaces
MH>/etc/cron.daily/0anacron with a hacked version of it to start the
MH>scans and such. Also after a day of scanning, the logs of the
MH>scan, the ip of the local box, and the shadow are sent to an email
MH>address in china. [EMAIL PROTECTED] and [EMAIL PROTECTED] . if
MH>anyone wants a copy of the worm email me and i'll send it to them.
I saw this yesterday at an ISP here in NC. Nasty little beasty!
--
Chuck Mead, csm -AT- moongroup.com, Owner, MoonGroup.com
(Note: html formatted email sent to me is filtered & deleted unread)
GnuPG Public Key Available: http://wwwkeys.us.pgp.net
_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
