All tricks in this blog are only for educational purpose. Learn these tricks only for your knowledge. Please donot try these to harm any one. We will not take any responsibility in any case. All softwares and tools on this site are here for private purposes only and If you want to use a software for business purpose, please purchase it. I do not host many of these tools. I Post links that I have found from numerous Search engines. I will not be responsible for any of harm you will do by using these tools.


Friday, July 8, 2011

Linux : Lion Worm Continues Rampage

The Lion worm has been found spreading itself across the Internet by exploiting a known vulnerability in BIND on Linux systems. Once the worm gains root permissions by exploiting BIND, it emails to a china.com address /etc/passwd, /etc/shadow, and some network settings; removes /etc/hosts.deny, installs back doors that listen on ports 60008 and 33567; stops syslogd; replaces login with a version with a back door; and installs the t0rn root kit.

The Lion worm then starts scanning random class B network ranges for its next victim. There are two known versions of the worm propagating across the Internet with only minor differences reported between them.

Read Full Articles From Here...