User: Password:
Subscribe / Log in / New account

A new Linux worm

A new Linux worm

Posted Feb 21, 2006 19:05 UTC (Tue) by smoogen (subscriber, #97)
In reply to: A new Linux worm by xtifr
Parent article: A new Linux worm

The shell script is Bash and the executable it downloads is Linux only... so in this case if you are running Apache on Windows.. you are home clear.

From what I can tell this variant has been around since Feb 14th. The infected bot boxes do a scan for various vulnerabilities.. and then downloads the worm onto the box. It then executes the worm and listens for commands from the boss-bot.

As always.. your OS is only as good as you can AND will patch it :)

(Log in to post comments)

A new Linux worm

Posted Feb 22, 2006 1:40 UTC (Wed) by cventers (subscriber, #31465) [Link]

I wish these malware authors would learn to write portable code so that
we can stop calling PHP security problems "Linux" problems...


A new Linux worm

Posted Feb 22, 2006 9:46 UTC (Wed) by hawk (subscriber, #3195) [Link]

Well, sounds like you're equally exploitable, just that this particular worm isn't compatible with your system.

A new Linux worm

Posted Feb 22, 2006 11:13 UTC (Wed) by nix (subscriber, #2304) [Link]

Oh good, another exploit killed by digsig.

A new Linux worm

Posted Feb 23, 2006 8:58 UTC (Thu) by emj (guest, #14307) [Link]

Digsig is a Linux kernel module, which checks RSA digital signatures of ELF binaries and libraries before they are run.

But if this had been done with just bash scripts, digsig wouldn't be of much help, right?

A new Linux worm

Posted Feb 23, 2006 9:44 UTC (Thu) by nix (subscriber, #2304) [Link]

The webpage is out of date: as of the CVS release (stable as hell despite not being released yet), scripts can be checked too, but it's more annoying (you have to decorate every script you'll run).

Copyright © 2018, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds