[CLUE-Tech] Is Linux Infected by the Klez Worm?
David Jackson
david.j.jackson at pickledbeans.com
Sat May 18 17:59:00 MDT 2002
Mike --
All good valid points, my answer was a bit simplified.
Your point about keeping current with patches is the
one that seems to go unheeded, which I never understand
when running open source?
David
> One fine example of a root exploit would be that stupid ws_ftp hole in
> Red Hat 7.1 and below, and any other distro for that matter that uses
> that unsecure version of the ftp program. I could be wrong, but in my
> experience with this, if I leave 5 linux boxes sitting outside our
> firewall running a fresh copy of red hat 7.1 or lower without updating
> packages of any kind, in about 24 hours the boxes are completely hacked
> and people are telnetting into them from bizarre ip addresses residing
> overseas and many of my binaries in /usr/sbin and /usr/bin have been
> replaced with trojan executables. All I can do at that point is break
> out disk druid and format the drives out. So, since it would take a
> person large amounts of time to find those ip addresses, I think it's a
> worm type program that just scans a range of ips much like the many IIS
> exploits for windows. So, the moral of the story seems to be that you
> should always check for updated packages and stay on top of that stuff.
> Every time I find myself lapsing in that area, I end up paying for it.
> About the Klez virus - I've seen it 20 times a day or so at work with
> our exchange 7.0 mail server running on winbloze. So, I think it's
> simply yet another MS Outlook/Exchange virus. Thankfully, our net
> admin responsible for that server has an antivirus program from McAfee
> scanning all incoming mail and blocking all this garbage. So, I don't
> think it could affect your linux boxes, only the windows clients that
> may be connecting to it via sendmail/imap/pop3, etc. If you're not
> running a mail server, then you wouldn't be responsible for the mail
> hitting windows clients, and even if you were, it's their own damn
> fault for using outlook :)
>
> David Jackson wrote:
>>
>> Joe --
>> Do you mean is it affected by? Or do you mean is your system
>> infected with? There are few Linux viruses out there (Mr. Gates would say
>> Linux is a virus). Sorry I could resist :)
>>
>> The answer generally given is that in order for your system to be infected
>> with a virus, it is by the root account, in order to do any real damage. If
>> it enters the system through a user account, it will affect files owned by
>> that user and those with the same group permissions.
>>
>> But I could be wrong.
>> David
>>
>> > Is the Linux OS infected by the Klez or Klez.e worm?
>> >
>> > _______________________________________________
>> > CLUE-Tech mailing list
>> > CLUE-Tech at clue.denver.co.us
>> > http://clue.denver.co.us/mailman/listinfo/clue-tech
>>
>
> --
>
> -Mike Staver
> staver at fimble.com
> mstaver at globaltaxnetwork.com