[CLUE-Tech] Is Linux Infected by the Klez Worm?

David Jackson david.j.jackson at pickledbeans.com
Sat May 18 17:59:00 MDT 2002


Mike --
All good valid points, my answer was a bit simplified.
Your point about keeping current with patches is the
one that seems to go unheeded, which I never understand
when running open source?

David


> One fine example of a root exploit would be that stupid ws_ftp hole in
> Red Hat 7.1 and below, and any other distro for that matter that uses
> that unsecure version of the ftp program.  I could be wrong, but in my
> experience with this, if I leave 5 linux boxes sitting outside our
> firewall running a fresh copy of red hat 7.1 or lower without updating
> packages of any kind, in about 24 hours the boxes are completely hacked
> and people are telnetting into them from bizarre ip addresses residing
> overseas and many of my binaries in /usr/sbin and /usr/bin have been
> replaced with trojan executables.  All I can do at that point is break
> out disk druid and format the drives out. So, since it would take a
> person large amounts of time to find those ip addresses, I think it's a
> worm type program that just scans a range of ips much like the many IIS
> exploits for windows.  So, the moral of the story seems to be that you
> should always check for updated packages and stay on top of that stuff.
> Every time I find myself lapsing in that area, I end up paying for it.
> About the Klez virus - I've seen it 20 times a day or so at work with
> our exchange 7.0 mail server running on winbloze.  So, I think it's
> simply yet another MS Outlook/Exchange virus.  Thankfully, our net
> admin responsible for that server has an antivirus program from McAfee
> scanning all incoming mail and blocking all this garbage.  So, I don't
> think it could affect your linux boxes, only the windows clients that
> may be connecting to it via sendmail/imap/pop3, etc.  If you're not
> running a mail server, then you wouldn't be responsible for the mail
> hitting windows clients, and even if you were, it's their own damn
> fault for using outlook :)
> 
> David Jackson wrote:
>> 
>> Joe --
>> Do you mean is it affected by? Or do you mean is your system
>> infected with? There are few Linux viruses out there (Mr. Gates would say
>> Linux is a virus). Sorry I could resist :)
>> 
>> The answer generally given is that, for your system to be infected with a
>> virus, it must be by the root account, in order to do any real damage. If it
>> enters the system through a user account, it will affect files owned by that
>> user and those with the same group permissions.
>> 
>> But I could be wrong.
>> David
>> 
>> > Is the Linux OS infected by the Klez or Klez.e worm?
>> >
>> > _______________________________________________
>> > CLUE-Tech mailing list
>> > CLUE-Tech at clue.denver.co.us
>> > http://clue.denver.co.us/mailman/listinfo/clue-tech
>> 
> 
> -- 
> 
>                                -Mike Staver
>                                 staver at fimble.com
>                                 mstaver at globaltaxnetwork.com

