New 'Lion' virus on the loose

Published: 27 March 2001 y., Tuesday
Computer security experts have unearthed a new worm that they say is spreading rapidly on the Internet and is capable of changing network settings, stealing passwords and eliminating some security measures, setting up the infected machine for further attacks. Known as the Lion worm, the virus spreads through an application called "randb," which infects Linux machines running version 8 of the BIND DNS software, one of several iterations that are known to have numerous security vulnerabilities. Lion scans random networks, probing TCP port 53, looking for potential targets. Once the application finds a vulnerable machine, it uses an exploit called "name" and then installs the t0rn rootkit, which enables the attacker to wreak havoc on the compromised machine, according to an alert posted Friday morning by the SANS Institute. The worm then performs several operations, including sending a password file and some network settings to a mail address with the chin.com domain, deleting a file called /etc/hosts.deny, which eliminates the host-based perimeter protection, installing backdoor root shells on two TCP ports, installing a "trojaned" version of the secure shell, killing the system log and searching for a hashed password. SANS has developed a utility that will detect -- but not remove -- the worm. Lion exploits the transaction signature buffer-overflow vulnerability in BIND (Berkeley Internet Name Domain) version 8, which is one of four weaknesses found in January in the open-source DNS software. Fixes are available for all of the BIND flaws. After the Lion worm finishes its work, it then forces the compromised machine to scan the Internet for other vulnerable servers.
Šaltinis: eWEEK
Copying, publishing, announcing any information from the News.lt portal without written permission of News.lt editorial office is prohibited.

Facebook Comments

New comment


Captcha

Associated articles

Antiwar hacker strikes the U.S. Navy

Virus writer and hacker activity has stepped up dramatically since the U.S. and U.K. armed forces started their war against Iraq more »

EU bigwig bangs on about eGovt

A top EU commissioner has been banging on about the importance of eGovernment more »

Al Jazeera launches English service

But within hours, firm suffers denial of service attack more »

Chip cards - in Kazakh practice

Commercial Alliance-Bank will be the first among RK banks implementing a transaction through international chip cards "Visa Smart Debit & Credit (VSDC)" through single processing center more »

A new Internet site

All those interested in British-Polish economic issues now have a new Internet site www.bpcc.org.pl more »

"Tibo’2003"

Minsk to Welcome Belarusian Congress on Telecommunications, Information and Banking Technologies more »

E-Russia threatened by cuts in financing

A drop in federal funding could delay some projects under the Electronic Russia program, which aims to boost the use of information technology throughout the country, the Communications Ministry said Tuesday more »

Belgian consortium heads race to run .eu

The European Commission is consulting its 15 national member governments over a draft decision to pick a Belgian-led consortium to run the long-awaited .eu top-level domain name registry more »

U.S. military computer attacked

Previously undiscovered flaw used to attack Army Web site more »

Banking Solutions at CeBIT 2003

Wincor Nixdorf presents a range of propositions with the spotlight focused on the specific needs and problems facing the banking industry under the key headings of Branch, Multichannel and Cash Management more »