adore-worm for Linux (Especially Redhat 7)
Gene Collins
collins at gene3.ait.iastate.edu
Thu Apr 5 09:10:18 EDT 2001

I received this information from one of my co-workers. It's worth
checking to see if you have this thing.

Gene Collins

Date: Thu, 5 Apr 2001 07:59:14 -0500
To: ua at iastate.edu
From: Jeff Balvanz <jbalvanz at iastate.edu>
Subject: Adore worm for Linux worm in wild and on campus

A new Linux worm has been detected on campus. The Adore worm exploits
known vulnerabilities in LPRng, rpc-statd, wu-ftpd and BIND. (LPRng
is installed on Red Hat 7 systems by default.) It mails critical
system information to four e-mail addresses, then installs a
backdoor. The worm then scans the network for other vulnerable
systems, generating a large amount of network traffic.

A script for detecting and removing the worm files is available at
the URL http://www.sans.org/y2k/adorefind-0.2.0.tar.gz. For
prevention, install updates to the components above (see your Linux
distributor for more details). For more information, see the URL
http://www.sans.org/y2k/adore.htm.