Search /
Docfinder:

RESEARCH CENTERS

Applications
Careers
Convergence
Data Center
LANs
Net/Systems Mgmt.
NOSes
Outsourcing
Routers/Switches
Security
Service Providers
Small/Med.Business
Storage
WAN Services
Web/e-commerce
Wireless/Mobile

SITE RESOURCES

Daily News
Newsletters
This Week in NW
Tests/Reviews
Buyer's Guides
Opinion
Forums
Special Issues
How to/Primers
Case Studies
Network Life
Encyclopedia
IT Briefings

TODAY'S NEWS

•	Microsoft researchers test microblogging service
•	Desktop Virtualization: Microsoft, VMware in Cost Smackdown
•	Ethernet switches, routers, Wi-Fi on the upswing
•	Palm Prime for Acquisition
•	8 things you didn't know about Windows Phone 7
•	Multicore requires OS rework, Windows architect advises
•	Novell's Pulse enterprise 2.0 suite goes beta next week
•	Qwest CEO's pay package rises 6%
•	EMC chief's pay drops 23% to $9 million
•	Judge approves Facebook's settlement offer in Beacon case
•	National broadband plan: What’s in it for businesses?
•	Mobile developers take measure of Windows Phone 7
•	Comcast, ISC offer IPv6 transition tool
•	New Cisco Ethernet switches to play broader video, security roles
•	Windows XP: No IE9 for you
•	More breaking news

/

'Lion' worm targets Linux

By Ellen Messmer
Network World, 03/26/01

BETHESDA, MD. - Security experts associated with the SANS Institute have discovered a dangerous computer worm dubbed "Lion" that spreads through Linux computers.

The worm is capable of scanning the Internet to look for Linux computers with the known vulnerability in the BIND Domain Name Server.

After the worm has infected a machine and installed itself, it steals password files and transmits them to the China.com Web site. It also installs other hacking tools, making the machine available for further compromise. Allan Paller, director of the institute, cautions that although the China.com appears to be receiving stolen passwords, the possibility exists that China.com has been compromised by someone.

Paller says many Linux computers appear to have not yet installed the upgrade fix for the BIND vulnerability detailed last January. Now, two security experts have identified the computer worm that is believed to have infected thousands of Linux-based servers, with the likely potential it will spread to other versions of Unix.

"The Lion worm is dangerous because in essence it represents a major attack," Paller says. "It takes machines over completely and then begins carrying out the attack on other machines."

A detection and removal toolkit is available at SANS. Information on the BIND DNS vulnerability can be found at CERT .

RELATED LINKS

NWFusion offers more than 40 FREE technology-specific email newsletters in key network technology areas such as NSM, VPNs, Convergence, Security and more.
Click here to sign up!

New Event - WANs: Optimizing Your Network Now.
Hear from the experts about the innovations that are already starting to shake up the WAN world. Free Network World Technology Tour and Expo in Dallas, San Francisco, Washington DC, and New York.
Attend FREE

Your FREE Network World subscription will also include breaking news and information on wireless, storage, infrastructure, carriers and SPs, enterprise applications, videoconferencing, plus product reviews, technology insiders, management surveys and technology updates - GET IT NOW.

HOME

RESEARCH CENTERS

NEWS

Contact us | Terms of Service/Privacy | How to Advertise
Reprints and links | Partnerships | Subscribe to NW
About Network World, Inc.

Copyright, 1994-2006 Network World, Inc. All rights reserved.