On Tue, 03 Apr 2001, you wrote:
> Hi,
> I don't know if you could call it new, it's really a combo of everything that
>we've seen as of late.
> it exploits bind, lpd, statd, and wu-ftp 2.6.0 . The basic signs are that it
>replaces /etc/cron.daily/0anacron with a hacked version of it to start the scans and
>such. Also after a day of scanning, the logs of the scan, the ip of the local box,
>and the shadow are sent to an email address in china. [EMAIL PROTECTED] and
>[EMAIL PROTECTED] .
> if anyone wants a copy of the worm email me and i'll send it to them.
>
Hmm.. Sisna.com. Why am I not surprised! Sheesh!
John
_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
- Re: apt like tool for Redhat Mitchell Henderson
- Re: apt like tool for Redhat Silviu Cojocaru
- Re: apt like tool for Redhat Ted Gervais
- New worm to affect RH Mitchell Henderson
- Re: New worm to affect RH Chuck Mead
- Re: New worm to affect RH Mitchell Henderson
- Re: New worm to affect RH Lee Johnson
- Re: New worm to affect RH Duncan Hill
- Re: New worm to affect RH Mitchell Henderson
- Re: New worm to affect RH Duncan Hill
- Re: New worm to affect RH John Aldrich
- Re: New worm to affect RH Hal Burgiss
- Re: New worm to affect RH Silviu Cojocaru
- Re: New worm to affect RH Bret Hughes
- Re: New worm to affect RH Hal Burgiss
- Re: New worm to affect RH Rodolfo J. Paiz
- Re: New worm to affect RH David Talkington
- Re: New worm to affect RH Thornton Prime
- Re: apt like tool for Redhat Silviu Cojocaru
- RE: apt like tool for Redhat Warren Melnick
