[ISN] Worms Invade, To Network Operators' Dismay

From: mea culpa (jerichoat_private)
Date: Wed Dec 02 1998 - 14:40:11 PST

    Forwarded From: Nelson Murilo <nelsonat_private>
    
    [http://www.zdnet.com/intweek/stories/news/0,4164,2169798,00.html]
    
    Worms Invade, To Network Operators' Dismay
    By Randy Barrett
    November 30, 1998 9:41 AM ET
       
    Network operators around the world are trying to eradicate a "worm" 
    program that has taken over the central programming of many of their
    computers and disrupted operations. 
       
    The intrusion appears to be aimed at Internet service providers' Internet
    Message Access Protocol (IMAP) servers, which manage e-mail
    systems. Networks running the Linux operating system version 5.0 from Red
    Hat Software Inc. on Intel Corp.-based machines appear to be particularly
    susceptible. 
       
    The problem was identified in June by the Computer Emergency Response Team
    at Carnegie Mellon University. Red Hat, as well as other vendors, posted
    software fixes, but not everyone was aware of the breach; some didn't
    patch their operating software. Now, hackers are using the weakness to
    perpetuate the worm program. The program quietly takes over key components
    of the root, or central, program and uses the host computer to probe and
    attack other networks without the systems administrator's knowledge. 
       
    "The problem with these things is that once they become known, hackers use
    the CERT advisories to probe networks," said Daniel Senie, president of
    Amaranth Networks Inc. Someone tried to break into Senie's network to find
    the IMAP weak spot, but the firewall held. The hacker left a few clues
    behind: The attacks came from California Polytechnic State University, the
    City University of New York and several other schools. But those locations
    aren't likely to be the hackers' home base. "They've done a reasonable job
    making it look like the [code] they added was there all along," he said. 
    
    


