 |
 |
|
|
|
|
|||||||||||||||||||||||||||||||||||||||
|
New worm targets unprotected Linux systems
(IDG) -- Security analysts warned this week that another worm is hunting the Internet for Linux systems left unprotected against several well-publicized vulnerabilities, including one commonly found in Version 7.0 of Durham, N.C.-based Red Hat Inc.'s Linux release. Known as "Adore," the new worm appears to have begun propagating last Sunday, according to an advisory issued by the SANS Institute, a Bethesda, Md.-based research organization for systems administrators and security managers. Adore is the third worm found to be targeting Linux servers since January, following earlier ones called "Ramen" and "Lion."
The newest worm is similar to Ramen and Lion in the way it acts, SANS said. Adore creates back doors in computers based on the open-source Linux software, then automatically transmits configuration data and other identifying information about the compromised systems to four e-mail addresses. At risk, SANS said, are Linux systems that haven't been protected against vulnerabilities known as rpc-statd, wu-ftpd, LPRng and the Berkeley Internet Name Domain (BIND) software. LPRng is installed by default on servers running Red Hat 7.0, according to SANS, while BIND refers to a series of holes in the Redwood City, Calif.-based Internet Software Consortium's BIND server software. All of those vulnerabilities are well-known and can be blocked by readily available patches. But Adore and other worms like it can easily find exposed systems because IT managers frequently don't have time to install every security patch and bug fix that's released, said Eric Hemmendinger, an analyst at Aberdeen Group Inc. in Boston. "We can stand up and tell people they ought to be keeping up-to-date with patches, but in the real world, that's not particularly useful advice," Hemmendinger said. "There are just so many of them." A better tack for buys users is to install -- and routinely run -- virus-filtering products on Internet gateways, he added. SANS said William Stearns, a senior research engineer at the federally-funded Institute for Security Technology Studies at Dartmouth College in Hanover, N.H., has written a utility that's supposed to be able to detect the Adore worm's presence on infected systems. The script, called Adorefind, can be downloaded from Dartmouth's Web site. Stearns, who created a similar utility called Lionfind after the Lion worm was discovered last month, also helped the SANS Institute prepare its advisory about Adore. RELATED STORIES:
Bulletin: 'Dangerous' Linux worm in the wild RELATED IDG.net STORIES:
First virus to infect Windows, Linux apps appears RELATED SITES:
SANS Institute |
|
|
SCI-TECH
Study: Gadget sales flat Protest slams Dell's use of prison labor Steve Jobs keeps Apple in the limelight (MORE)
![[CNN.com]](http://i.cnn.net/cnn/images/newsnet/cnnlogo.gray.gif){kind=small} TOP STORIESN. Y. plans to heal skyline Stocks rise on Case departure Lieberman's presidential announcement today New arrests may be linked to UK ricin scare (MORE)
![[SI.com]](http://i.cnn.net/cnn/images/main/si.logo.gif){kind=logo} SPORTSJordan says farewell for the third time Shaq could miss playoff game for child's birth Ex-USOC official says athletes bent drug rules (MORE)
 All Scoreboards
|
|
|||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||
| Back to the top | |
© 2003 Cable News Network LP, LLLP.
A Time Warner Company. All Rights Reserved. Terms under which this service is provided to you. Read our privacy guidelines. Contact us. |
![[CNN Money]](http://i.cnn.net/cnn/images/main/fn.logo.newsnet.gif){kind=logo}
(