Hi,
I don't know if you could call it new, it's really a combo of everything that
we've seen as of late.
it exploits bind, lpd, statd, and wu-ftp 2.6.0 . The basic signs are that it
replaces /etc/cron.daily/0anacron with a hacked version of it to start the scans and
such. Also after a day of scanning, the logs of the scan, the ip of the local box,
and the shadow are sent to an email address in china. [EMAIL PROTECTED] and
[EMAIL PROTECTED] .
if anyone wants a copy of the worm email me and i'll send it to them.
Mitchell Henderson [EMAIL PROTECTED]
_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
- apt like tool for Redhat Andrew D Dixon
- Re: apt like tool for Redhat Mitchell Henderson
- Re: apt like tool for Redhat Andrew D Dixon
- Re: apt like tool for Redhat Wanderlei Antonio Cavassin
- Re: apt like tool for Redhat Jeffrey A Schoolcraft
- Re: apt like tool for Red... Silviu Cojocaru
- Re: apt like tool for... Tim
- Re: apt like tool... Mitchell Henderson
- Re: apt like tool... Silviu Cojocaru
- Re: apt like tool for Redhat Ted Gervais
- Re: New worm to affect RH Mitchell Henderson
- Re: New worm to affect RH Chuck Mead
- Re: New worm to affect RH Mitchell Henderson
- Re: New worm to affect RH Lee Johnson
- Re: New worm to affect RH Duncan Hill
- Re: New worm to affect RH Mitchell Henderson
- Re: New worm to affect RH Duncan Hill
- Re: New worm to affect RH John Aldrich
- Re: New worm to affect RH Hal Burgiss
- Re: New worm to affect RH Silviu Cojocaru
- Re: New worm to affect RH Bret Hughes
