Linux Today: Linux News On Internet Time.
Search Linux Today
search.internet.com
Linux News Sections: Blog - Developer - High Performance - Infrastructure - IT Management - Security - Storage -
Linux Today Navigation
LT Home
Preferences
Contribute
Link to Us
Search
Linux Jobs

Become a Marketplace Partner

internet.commerce
Be a Commerce Partner














The Linux Channel at internet.com
Linux Today
Enterprise Linux Today
Apache Today
JustLinux.com
Linux Planet
PHPBuilder
All Linux Devices
Technology Jobs

JustTechJobs.com

LinuxToday Newsletters
Subscribe News
Subscribe PR
Subscribe Security

internet.com
IT
Developer
Internet News
Small Business
Personal Technology

Search internet.com
Advertise
Corporate Info
Newsletters
Tech Jobs
E-mail Offers

 







Current Newswire:

The Bruno Knaapen Technology Learning Center is Established

Anjal: GNOME's Evolution for Netbooks

Linux Mint 8 KDE Community Edition

Open source means freedom from 'anti-features'

GTalX - Google Voice Chat has arrived in Ubuntu 9.10 (Karmic)

Top 10 Super Bowl tech ads

OOXML not suitable for Norwegian government, says study

Add Cloud Storage to OpenOffice.org with SMECloud

10 Ways that Enterprises use Linux

SECURITY: A sensation of wonder about technological developments




Senior Linux Administrator - Red Hat (IL)
Next Step Systems
US-IL-Chicago

Justtechjobs.com Post A Job | Post A Resume
:Cheese the Friendly Worm On the Loose (patching lion-compromised machines as it goes)
Cheese the Friendly Worm On the Loose (patching lion-compromised machines as it goes)
May 17, 2001, 14 :09 UTC (28 Talkback[s]) (15142 reads)
(Other stories by Michael Hall)

By Michael Hall, Editor

Cheese the Friendly Worm is loose, out to close back doors left open by the recent Lion worm, which exploited vulnerabilities in BIND.

According to the Computer Emergency Response Team at Carnegie Mellon, the Cheese worm exploits the same back door Lion used, applies a patch to eliminate the back doors left by Lion, then runs scans from the host it's just visited to find other infected machines with port 10008 open, and spreads to them, applying its patch as it goes.

This mail on the SecurityFocus.com incidents mailing list described the worm in action: 

It scans 10008 port which opened by 1i0n worm. and removes rootshells from inetd.conf

It says

# removes rootshells running from /etc/inetd.conf
# after a l10n infection... (to stop pesky haqz0rs
# messing up your box even worse than it is already)
# This code was not written with malicious intent.
# Infact, it was written to try and do some good.

Funny ?

It was found in the directory "/tmp/.cheese/" and following files are found in this directory

ADL
cheese
cheese.uue
psm

Related Stories:
VNUNET.com: Bug Watch: Is Linux safe from attack?(Apr 17, 2001)
WIRED Report Says Adore and Lion Worms Are Tools of Chinese Hacktivists(Apr 11, 2001)
SANS.org: New Linux Worm Adore(Apr 04, 2001)
The Register: Highly destructive Linux worm mutating (Mar 28, 2001)
Worm Targeting Linux Could Cause Serious Damage(Mar 24, 2001)


Index Mode   |   Flat Mode   |   Thread Mode   |   Thread Flat  
  Talkback(s) Name  and Date
Well, if this is so, it may be the first ...   simply fantastic   
David S de Lis
May 17, 2001, 14:15:52  
I nderstand that the security manager do ...   I understand ...   
Diego Restrepo
May 17, 2001, 14:38:45  
I read this thinking William Gibson or D ...   Life imitates science fiction...   
John Gowin
May 17, 2001, 14:47:19  
I wish I had the appropriate URL handy, ...   Simply Fantastic? Not!   
Matin Maney
May 17, 2001, 14:56:23  
> I understand that the security manager ...   Re: I understand ...CNET-link   
Diego Restrepo
May 17, 2001, 14:57:01  
Just another linux innovation and hoppef ...   Innovation   
Diego Restrepo
May 17, 2001, 14:59:23  
You are using the same arguments that th ...   Re: Simply Fantastic? Not!   
Diego Restrepo
May 17, 2001, 15:10:08  
Why does everyone keep calling it lion o ...   lion?   
Gene Scott
May 17, 2001, 15:20:18  
Over the last four or five months, I&#39 ...   You snooze, you lose   
David Wollmann
May 17, 2001, 15:20:45  
The difference is that you choose to tru ...   Re: Re: Simply Fantastic? Not!   
Slack User
May 17, 2001, 15:31:56  
Just consider what happens if an inadequ ...   Repair-bots   
Roy Stogner
May 17, 2001, 15:37:17  
Probably, the better thing to do is just ...   Just warn   
james
May 17, 2001, 16:10:28  
> The difference is that you choose to t ...   Re: Re: Re: Simply Fantastic? Not!   
Diego Restrepo
May 17, 2001, 16:20:05  
If you've signed up to a service usi ...   Re*4: Simply Fantastic? Not!   
Ciaran
May 17, 2001, 16:52:43  
I think that Roy here is definately in p ...   Roy accused of clue possession   
Mark Dickie
May 17, 2001, 17:20:56  
I have to agree with David Wollmann: " ...   It's a worm... duh!   
Carl
May 17, 2001, 17:21:30  
Personally, I think it's a pretty c ...   Re: It's a worm... duh!   
Myddrin
May 17, 2001, 18:18:13  
Over the last four or five months, I&#39 ...   Re: You snooze, you lose   
Larry
May 17, 2001, 18:39:30  
This discussion has already taken plac ...   Legal responsibilities and good viruses   
Fred Mobach
May 17, 2001, 19:14:45  
Well, if this is so, it may be the first ...   Re: simply fantastic   
Strangelove
May 17, 2001, 20:36:39  
> Why does everyone keep calling it lion ...   Re: lion?   
Steve Bufton
May 17, 2001, 20:54:41  
Correct me if I'm wrong, but in this ...   Only affects ALREADY compromised boxes.   
Rob Landley
May 17, 2001, 21:35:02  
This should be re-categorized as a vacci ...   it's a vaccine   
Zvjezdan Patz
May 17, 2001, 21:37:07  
> > Why does everyone keep calling it li ...   Re: Re: lion?   
Gene Scott
May 18, 2001, 00:23:25  
> I wish I had the appropriate URL handy ...   Re: Simply Fantastic? Not!   
James
May 18, 2001, 03:00:22  
> Correct me if I'm wrong, but in th ...   Re: Only affects ALREADY compromised boxes.   
James
May 18, 2001, 03:10:26  
heh.. I suppose the a port of Cheese wou ...   pretty cool   
codez
May 18, 2001, 03:14:39  
> While it is your choise if you want to ...   Re: Legal responsibilities and good viruses   
Martin Vermeer
May 18, 2001, 12:13:42  
  Home | Search Talkbacks | Customize View    Top of Page  



Enter your comments below:

* Your Name:

* Your Email Address:

* Subject:

CC: [will also send this talkback to an E-Mail address]

* Comments:

Tags allowed:<I>,<B> and <U>. See our talkback-policy for more about talkback content.

Fields marked with * are required!






..............................




All times are recorded in UTC.
Linux is a trademark of Linus Torvalds.
Powered by Linux, Apache and PHP


The Network for Technology Professionals

Search:

About Internet.com

Legal Notices, Licensing, Permissions, Privacy Policy.
Advertise | Newsletters | E-mail Offers