I haven’t seen this hit the mainstream press, or Slashdot, or anywhere yet. It could be some obvious hole missed while configuring these Red Hat 7.3 boxes, but I’m worried. 8 Red Hat 7.3 boxes were broken into and rooted. John doesn’t know how they were cracked and almost missed it, but thinks it might be a worm mentioned in Phrack a while back.
I checked my own Red Hat 7.3 boxes and they appear to be fine but given the nature of the worm, it won’t be easy to find without shutting down first.

2 Comments
Every man his own admin on March 13, 2003 at 8:20 am.
What version number of Apache? What version number of sshd?
Donncha (1707 comments.) on March 13, 2003 at 9:54 am.
As John mentioned in his mail, some were up-to-date RH7.3 boxes, some weren’t. He doesn’t know how the boxes were infected, although the Phrack article mentions a vulnerability in PHP. Another weblog bemoaned Red Hat for not updating their PHP RPMs, so that could be related.