Author Topic: Another Linux worm surfaces (Read 745 times)

slave · « **on:** 9 October 2002, 06:59 »

http://www.theage.com.au/articles/2002/10/08/1033538931238.html

October 8 2002

"Another Linux worm, known as Mighty, is making the rounds, according to information available from Russian anti-virus vendor Kasperksy Labs.

Kaspersky Labs has so far registered over 1,600 infected systems worldwide.

Mighty uses the same vulnerability in OpenSSL that the Slapper worm and its variants, Slapper.B and Slapper.C used and spreads in similar ways with some differences.

Mighty has the same source code spreading method as Slapper: to ensure compatibility with all versions of OpenSSL, but one of the worm's components (sslx.c, which is responsible for penetration via the security system vulnerability) does a fresh recompile on each computer.

Mighty also sets up a backdoor utility (designed to gain unauthorised control) which connects to one of the remote IRC channels from where an attacker can operate. It can this leak out information, corrupt data, and use infected machines to conduct distributed denial of service attacks."

this OpenSSL vulnerability has been around for quite a while now! I guess some Linux users are as bad at updating their systems reguarly as Windows users are.

Master of Reality · « **Reply #1 on:** 9 October 2002, 07:04 »

all ya gotta do is upgrade OpenSSL and you will be fine.

pkd_lives · « **Reply #2 on:** 9 October 2002, 07:05 »

The Patch for the vulnerability was released a while ago.

voidmain · « **Reply #3 on:** 9 October 2002, 07:58 »

Let's see, we have two Windows geeks here and every time a new Linux vulnerability comes out they both have to post it. Geez if we started posting every Windows vulnerability the web master would have to get some more disk drives to hold the database.

zooloo · « **Reply #4 on:** 9 October 2002, 15:56 »

When there is a Linux vulnerability the whole community shouts about it from the roof tops.

When there is an MS vulnerability they deny that any such thing is possible, then blame the users for not updating.

Sure shit happens, but it's what you do about it that counts - the Linux community seems to take pride in fixing bugs etc. Meanwhile MS fudge it, take ages to sort out the problem and then they act like they are doing the users some kind of favour.

I know where my business is going to.

hm_murdock · « **Reply #5 on:** 9 October 2002, 16:25 »

so... we've got two Linux worms making the rounds now. Both exploit the same security hole. One that's

a) terribly rare
b) already patched

so... how is this a "new" threat?

oh, yeah... we never claimed UNIX/Linux was perfect. We just said it was scads better than that thrown-together FUD-marketed shithole kludge of a trash heap that Microsoft masquerades as an "operating system".

Now piss off before you're pissed on.

edit: if in case you didn't notice, you raised my ire!

[ October 09, 2002: Message edited by: The Jimmy James ]

Calum · « **Reply #6 on:** 9 October 2002, 16:46 »

for a good while now the windoid regulars have been eager to discover the odd *nix security problem and post it here. i have *never* seen a unix vulnerability that has not already been patched be posted on this site.

However - i am grateful to the windoids for trying to help us identify areas of concern so we know to update a particular piece of software. As, i think, void main said, there's no way i would waste my time attempting to return the favour and post all the windows security holes, what woul dbe the point anyway? many of them don't have adequate fixes.

So, thanks to the windoids, but really there are a lot of linux developers out there who are quicker off the mark than you are at letting people know about security vulnerabilities, and more to the point, providing failsafe fixes for them, so don't waste your time, guys, people are already doing what you are doing.

thanks anyway!

Pantso · « **Reply #7 on:** 9 October 2002, 17:30 »

quote:
Originally posted by void main:
Let's see, we have two Windows geeks here and every time a new Linux vulnerability comes out they both have to post it. Geez if we started posting every Windows vulnerability the web master would have to get some more disk drives to hold the database.

Hey, that's what I wanted to post :mad: . Couldn't have said it better void

Pantso · « **Reply #8 on:** 9 October 2002, 17:32 »

quote:
Originally posted by Calum:
for a good while now the windoid regulars have been eager to discover the odd *nix security problem and post it here. i have *never* seen a unix vulnerability that has not already been patched be posted on this site.

However - i am grateful to the windoids for trying to help us identify areas of concern so we know to update a particular piece of software. As, i think, void main said, there's no way i would waste my time attempting to return the favour and post all the windows security holes, what woul dbe the point anyway? many of them don't have adequate fixes.

So, thanks to the windoids, but really there are a lot of linux developers out there who are quicker off the mark than you are at letting people know about security vulnerabilities, and more to the point, providing failsafe fixes for them, so don't waste your time, guys, people are already doing what you are doing.

thanks anyway!

Perhaps they should as well be forwarding their messages to major Linux vendors out there or the open source community in general. That would really help them fix those flaws up even quicker

lazygamer · « **Reply #9 on:** 9 October 2002, 22:55 »

I have yet to see a linux virus or vunerability thread here that isn't debunked like a bad myth.(not saying it's a myth though)

Can XP loo-sah or Zombie ever post something that MES responds "Damn, that could hurt alot of n00bs! Luckily most malicous h4x0rs don't use *nix, let alone know about that particular issue."

pkd_lives · « **Reply #10 on:** 9 October 2002, 23:03 »

quote:
Originally posted by Windows XP User #5225982375:

this OpenSSL vulnerability has been around for quite a while now! I guess some Linux users are as bad at updating their systems reguarly as Windows users are.

I could not agree more. Lax security methods - there is little excuse.

xyle_one · « **Reply #11 on:** 10 October 2002, 00:15 »

i gained a whole new respect for linux last night as i was checking my mail and Redhat sent me an email detailing a bug/problem with fetch mail (i think it was fetch mail anyways), they also provided the link to the update, and gave a detailed description of the problem. i believe the fix was posted soon after it was discovered. how fucking cool is that ?!!

now, when a bug is discovered in windows, it would take, what like 3years for them to fix it, if they fix it, let alone even tell me about it. so fuck off microsoft. if there were a virus out to get linux, i think that as soon as it were discovered, someone would find a way to neutralize it, and be kind enough to spread the solution to the community. i dont think that would be possible in windows, it will always be an insecure "operating system"
anyways, go linux

RudeCat7 · « **Reply #12 on:** 10 October 2002, 05:59 »

Actually, they would say..." it's an undocumented feature, and if it's causing problems, then it's because you don't know how to use it properly, you dumbass uneducated windows user! By the way, you should upgrade to our new and improved release, this one really works!"

I would

, but it's sadly true.

Stop Microsoft

News:

Author Topic: Another Linux worm surfaces (Read 745 times)

slave

Another Linux worm surfaces

Master of Reality

Another Linux worm surfaces

pkd_lives

Another Linux worm surfaces

voidmain

Another Linux worm surfaces

zooloo

Another Linux worm surfaces

hm_murdock

Another Linux worm surfaces

Calum

Another Linux worm surfaces

Pantso

Another Linux worm surfaces

Pantso

Another Linux worm surfaces

lazygamer

Another Linux worm surfaces

pkd_lives

Another Linux worm surfaces

xyle_one

Another Linux worm surfaces

RudeCat7

Another Linux worm surfaces