adore-worm for Linux (Especially Redhat 7)

Gene Collins collins at gene3.ait.iastate.edu
Thu Apr 5 09:10:18 EDT 2001


I received this information from one of my co-workers.  It's worth
checking to see if you have this thing.

Gene Collins

Date: Thu, 5 Apr 2001 07:59:14 -0500
To: ua at iastate.edu
From: Jeff Balvanz <jbalvanz at iastate.edu>
Subject: Adore worm for Linux worm in wild and on campus

A new Linux worm has been detected on campus. The Adore worm exploits 
known vulnerabilities in LPRng, rpc-statd, wu-ftpd and BIND.  (LPRng 
is installed on Red Hat 7 systems by default.)  It mails critical 
system information to four e-mail addresses, then installs a 
backdoor.  The worm then scans the network for other vulnerable 
systems, generating a large amount of network traffic.

A script for detecting and removing the worm files is available at 
the URL http://www.sans.org/y2k/adorefind-0.2.0.tar.gz.  For 
prevention, install updates to the components above (see your Linux 
distributor for more details).  For more information, see the URL 
http://www.sans.org/y2k/adore.htm.



