[plug] OT: latest worm affecting bind
Christian
christian at amnet.net.au
Thu Mar 29 10:35:39 WST 2001
On Wed, Mar 28, 2001 at 04:26:37PM +0800, Jon Miller wrote:
> Thankfully, SANS has developed a utility called Lionfind that will
> detect the infected system. This utility lists files on the system are
> suspect; however, it is not able to remove the virus at this time.
> Download Lionfind at: http://www.sans.org/y2k/lionfind-0.1.tar.gz
I hope this sort of "solution" doesn't become common. If the author of
the Lion worm is smart he/she will just write an "upgrade" which changes
its behaviour a little so as not to be detected by this. Being a worm
the upgrade can just be released and automatically propagate in exactly
the same way as the original worm.
(Also curious that the URL above puts the lionfind tarball in a
directory called "y2k"... no idea what it has to do with the Y2K issue
or even that year in general...)
--
DSA 0x0EC1D28C: BBCB 0D79 4EBB 078A A066 7267 8BED E9D6 0EC1 D28C
More information about the plug
mailing list