Security Incidents mailing list archives
Lion Worm/crew.tgz
From: Alfred Huger <ah () SECURITYFOCUS COM>
Date: Fri, 23 Mar 2001 10:24:02 -0700
Neil Long <neil.long () computing-services oxford ac uk> mailed me and mentioned that it might be worth pointing out that the SANS GIAC analysis is not valid for the crew.tgz version that was sent to Incidents by Andreas stling <andreaso () IT SU SE> There is no t0rn rootkit involved and the root shell is on 1008 so their Lionfind may be misleading. Of course, they could be half a dozen variants on the loose by this stage. VP Engineering SecurityFocus.com "Vae Victis"
Current thread:
- Lion Worm/crew.tgz Alfred Huger (Mar 23)
- Re: Lion Worm/crew.tgz David Brumley (Mar 23)
- Re: Lion Worm/crew.tgz Andreas Östling (Mar 23)
- Re: Lion Worm/crew.tgz Joshua Krage (Mar 23)
- Re: Lion Worm/crew.tgz Neil Long (Mar 24)
- Re: Lion Worm/crew.tgz Michael H. Warfield (Mar 24)
- Re: Lion Worm/crew.tgz Andreas Östling (Mar 24)
- Re: Lion Worm/crew.tgz Michael H. Warfield (Mar 24)
- Re: Lion Worm/crew.tgz Dave Dittrich (Mar 26)
- Re: Lion Worm/crew.tgz Andreas Östling (Mar 24)
- Re: Lion Worm/crew.tgz John Jasen (Mar 26)
- Re: Lion Worm/crew.tgz Cooper (Mar 26)