---

Home Security

WIRED Report Says Adore and Lion Worms Are Tools of Chinese Hacktivists

By

Note: We inappropriately identified Joe Murphy as CEO of
Vigilinx in the story below. Vigilinx’s CEO is named Bruce Murphy.
We regret the error -ed.

By Michael Hall,
LinuxToday

If a report in
Wired is to be believed, Adore and Lion aren’t so much the
byproduct of bored kiddies hard at work as they are the crowbars in
political defacement campaigns by Chinese “hacktivists” protesting
revisionist Japanese textbooks and the recent death of a Chinese
pilot.

Political fervor in China over the recent death of a fighter
pilot whose jet collided with a US surveillance plane last Sunday
has grown, with web sites demanding cracking attacks on US military
pages. Wired quotes one 27-year-old tech worker who maintains that
Linux is a common tool for the crackers because of its
pervasiveness in schools there:

“Many of these worms are for Linux systems though, because
that’s what we mostly use here in computer classes. But I think
that maybe Linux worms don’t have as much of a strong effect in
your country.”

The report goes on to attribute a belief that Adore was created
specifically to protest the fatal accident to Joe Murphy of
Vigilinx, a security firm.
Its Chinese origins were assumed largely because the worm mailed
exploit information back to mail addresses belonging to
sinanet.com, which provides the sina.com site, a China-oriented web
portal.

If this is the case, it was a fast piece of work, since the
SANS
advisory regarding the worm reported that Adore began to spread
on April 1. On the other hand, the raw material was already there:
Adore was described by SANS as a variant of two earlier
Linux-targetting worms: Ramen and Lion. Lion arrived on the scene
barely a week before Adore. According to the site Whitehats.com,
a Chinese hacker named “Lion” created the worm “as a warning
against the Japanese because of controvertial books currently used
in Japanese schools,” which reportedly downplay the Japanese
occupation of China and Korea and The Rape of Nanking.

Adore and Lion both target exploits most Linux distributors
patched well before their advent.

Get the Free Newsletter!

Subscribe to Developer Insider for top news, trends, & analysis

Must Read

LinuxToday is a trusted, contributor-driven news resource supporting all types of Linux users. Our thriving international community engages with us through social media and frequent content contributions aimed at solving problems ranging from personal computing to enterprise-level IT operations. LinuxToday serves as a home for a community that struggles to find comparable information elsewhere on the web.

Our Brands

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.