Virus Alert - Lion Worm Last Updated 03/23/2001
SANS reported a Linux worm called Lion was found in the wild. This worm takes advantage of known vulnerabilities in BIND versions 8.2, 8.2-P1, 8.2.1, 8.2.2-Px, and all 8.2.3-betas run on Linux BIND DNS servers. The worm uses these vulenerabilities to gain root access to the targeted machine.
Per NAI, once the worm gains root access it steals account and password information and sends it to 1i0nsniffer@china.com. After stealing account and password information it begins scanning for new machines to infect.
Risk to NIH should be minimal because NIH does not run BIND on Linux machines.
Security patches are available from Linux manufacturers to fix the BIND vulnerabilities.
For More Information:
This archive is not intended to be comprehensive. For a more complete virus library, please visit NAI's Virus Information Library at http://vil.nai.com.
|