New 'Lion' virus on the loose

Published: 27 March 2001 y., Tuesday
Computer security experts have unearthed a new worm that they say is spreading rapidly on the Internet and is capable of changing network settings, stealing passwords and eliminating some security measures, setting up the infected machine for further attacks. Known as the Lion worm, the virus spreads through an application called "randb," which infects Linux machines running version 8 of the BIND DNS software, one of several iterations that are known to have numerous security vulnerabilities. Lion scans random networks, probing TCP port 53, looking for potential targets. Once the application finds a vulnerable machine, it uses an exploit called "name" and then installs the t0rn rootkit, which enables the attacker to wreak havoc on the compromised machine, according to an alert posted Friday morning by the SANS Institute. The worm then performs several operations, including sending a password file and some network settings to a mail address with the chin.com domain, deleting a file called /etc/hosts.deny, which eliminates the host-based perimeter protection, installing backdoor root shells on two TCP ports, installing a "trojaned" version of the secure shell, killing the system log and searching for a hashed password. SANS has developed a utility that will detect -- but not remove -- the worm. Lion exploits the transaction signature buffer-overflow vulnerability in BIND (Berkeley Internet Name Domain) version 8, which is one of four weaknesses found in January in the open-source DNS software. Fixes are available for all of the BIND flaws. After the Lion worm finishes its work, it then forces the compromised machine to scan the Internet for other vulnerable servers.
Šaltinis: eWEEK
Copying, publishing, announcing any information from the News.lt portal without written permission of News.lt editorial office is prohibited.

Facebook Comments

New comment


Captcha

Associated articles

LaiksOnline cites time, finances in decision to close

LaiksOnline, the Web site of the weekly Brooklyn-based Latvian newspaper, is being shut down. more »

Australia To Toughen Computer Crime Laws

The Australian government is planning to get tough on cyber crime. more »

Beta launch of RealArcade

RealNetworks Launches Online Gaming Service more »

Virus attacks Echelon

LoveBug variant baits NSA global surveillance network, deletes MP3s. more »

ExpandNATO.org

The site includes news about NATO expansion plus a list of the "top ten" reasons for NATO expansion. more »

VeriSign May Ditch Domain Deal

The Commerce Department's review of the agreement that extends the computer security firm's control of the '.com' domain has the company thinking twice, sources say. more »

First Pentium III 1GHz small form factor

Market report confirms TCO benefits of e-pc and hp Introduces space-saving e-pc mounting bracket more »

Would you please evaluate Lithuanian Web Sites

The 1st stage of the 6th WWW Championship is over more »

Two big names

AMD Ships Mobile Athlon 4, Duron; Compaq First To Adopt Claims Highest Performance in Notebook Arena more »

RewardOne Travel Manager

Continental Airlines Launches Online Travel Management Tool for Small Businesses more »