[2132] in linux-security and linux-alert archive

[linux-security] Re: *ALERT*: ADM Worm. Worm for Linux x86 found in

daemon@ATHENA.MIT.EDU (R. DuFresne)
Fri Mar 26 05:27:54 1999

Date: Fri, 26 Mar 1999 03:06:31 -0600 (CST)
From: "R. DuFresne" <dufresne@sysinfo.com>
To: Jan-Philip Velders <jpv@jvelders.tn.tudelft.nl>
cc: linux-security@redhat.com, recipient list not shown: ;
In-Reply-To: <Pine.LNX.4.05.9903260851470.8790-100000@jp-gp.vsi.nl>
Resent-From: linux-security@redhat.com
Resent-Reply-To: linux-security@redhat.com

On Fri, 26 Mar 1999, Jan-Philip Velders wrote:

[-- shortened a bit -- REW]

> 
>   As for me, I'm rather busy at work. This worm is more of an intellectual
> curiosity for me than anything else, as it seems to be mostly benign. I'd
> appreciate it if nobody would bug me about this any further, please. You
> know where to get samples, and after reading this mail you know as much
> about the worm as I do.
> 


The more important issue at hand here is how the 'worm' infected your
system and gained the privilege needed to do its work.  And, if it is
truly a 'worm', and not just a rootkit with a port scanner running under
it, it would have done more than just scan, it would have actually
exploited, or at least *attempted* to exploit the vulnerable systems it
discovered?  That key issue of knowing "how" your system was 'infected' is
crucial in determining how to prevent a 'reinfection', yes?  Not to
mention helpful in determining if this is in fact a 'worm' or a rootkit
with its tools merely named w0rm...


Thanks,

Ron DuFresne
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior consultant:  darkstar.sysinfo.com
                  http://darkstar.sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!
