Linux Today: Linux News On Internet Time.

WIRED Report Says Adore and Lion Worms Are Tools of Chinese Hacktivists

Apr 11, 2001, 15:58 (4 Talkback[s])
(Other stories by Michael Hall)

Note: We inappropriately identified Joe Murphy as CEO of Vigilinx in the story below. Vigilinx's CEO is named Bruce Murphy. We regret the error -ed.

By Michael Hall, LinuxToday

If a report in Wired is to be believed, Adore and Lion aren't so much the byproduct of bored kiddies hard at work as they are the crowbars in political defacement campaigns by Chinese "hacktivists" protesting revisionist Japanese textbooks and the recent death of a Chinese pilot.

Political fervor in China over the recent death of a fighter pilot whose jet collided with a US surveillance plane last Sunday has grown, with web sites demanding cracking attacks on US military pages. Wired quotes one 27-year-old tech worker who maintains that Linux is a common tool for the crackers because of its pervasiveness in schools there:

"Many of these worms are for Linux systems though, because that's what we mostly use here in computer classes. But I think that maybe Linux worms don't have as much of a strong effect in your country."

The report goes on to attribute a belief that Adore was created specifically to protest the fatal accident to Joe Murphy of Vigilinx, a security firm. Its Chinese origins were assumed largely because the worm mailed exploit information back to mail addresses belonging to sinanet.com, which provides the sina.com site, a China-oriented web portal.

If this is the case, it was a fast piece of work, since the SANS advisory regarding the worm reported that Adore began to spread on April 1. On the other hand, the raw material was already there: Adore was described by SANS as a variant of two earlier Linux-targetting worms: Ramen and Lion. Lion arrived on the scene barely a week before Adore. According to the site Whitehats.com, a Chinese hacker named "Lion" created the worm "as a warning against the Japanese because of controvertial books currently used in Japanese schools," which reportedly downplay the Japanese occupation of China and Korea and The Rape of Nanking.

Adore and Lion both target exploits most Linux distributors patched well before their advent.

Related Stories: