OpenBCM V1.13 (Linux)

Packet Radio Mailbox

DB0FHN

[JN59NK Nuernberg]

 Login: GUEST





  
M1CUK  > INFO     07.10.02 18:39l 59 Lines 2266 Bytes #999 (0) @ WW
BID : 20606-GB7FCR
Read: DB0FHN GUEST
Subj: Virus Update / Warning
Path: DB0FHN<DB0ZWI<DB0HDF<DB0ERF<DB0FBB<DB0GOS<ON0AR<ON0AR<VE3FJB<IK1ZNW<
      ZL2TZE<GB7FCR
Sent: 021007/1605Z @:GB7FCR.#16.GBR.EU #:20606 [Blackpool] FBB-7.03a $:20606-GB
From: M1CUK@GB7FCR.#16.GBR.EU
To  : INFO@WW


Worms turn on Win/Linux users
By John Leyden
Posted: 07/10/2002 at 12:10 GMT

Amid the panic last week about the prolific, and very nasty,
BearBug worm two more nasty varmints went largely unnoticed.

Hot on the heels of the Slapper, comes the Mighty worm which
uses the same well-known OpenSSL exploit to gain access to
and infect computers running an Apache Web server on Linux.
Mighty uses the same spreading routines as Slapper but with
several subtle differences.

In addition to infecting systems, Mighty also sets up a backdoor
utility which can be controlled over an IRC channel.

The Trojan component can be used to steal information from
compromised machines, corrupt data or set up DdoS attack networks.

Russian AV specialists Kaspersky Labs says it registered over
1,600 systems infected by Mighty by last Friday.

Admins are strongly recommended to install the latest version of
OpenSSL (for versions older than 0.9.7-beta, 0.9.6e) and to
update their anti-virus tools to guard against infection.

Windows users, already hard hit by BugBear, face an additional
threat from the Opaserv worm, whose main spreading mechanism
(unusually) is via network shares.

The worm attempts to copy itself to the Windows folder on
networked computers with open shared drives. It then modifies
the win.ini file on the remote machine to ensure the copied
file will be run on system start. The worm searches local IP
addresses for open C: shares (using ports 137 and 139) and
attempts to copy itself to the Windows folder of the share.

Opaserv also attempts to connect to a Web site that is currently
unavailable, probably in an attempt by its author's to create a
way to update the code used by the worm.

The worm illustrates the perils of running computers with open
file shares. Users are advised to block this avenue of infection
and to update their AV tools to detect the worm.

Updating AV protection is also a good idea in combating the spread
of BugBear, which is spreading rapidly. Managed services firm
MessageLabs has intercepted more than 300,000 copies of the worm
since its first appearance last week, eclipsing the perfidious
Klez worm as the most common email-borne nasty.

--------------
Regards
	Trev..


Read previous mail | Read next mail


 08.07.2026 10:35:08lGo back Go up