[ISN] Worms Invade, To Network Operators' Dismay

From: mea culpa <jericho_at_dimensional.com>
Date: Wed 02 Dec 1998 - 16:40:11 CST
Forwarded From: Nelson Murilo <nelson@pangeia.com.br>

[http://www.zdnet.com/intweek/stories/news/0,4164,2169798,00.html]

Worms Invade, To Network Operators' Dismay
By Randy Barrett
November 30, 1998 9:41 AM ET
   
Network operators around the world are trying to eradicate a "worm" 
program that has taken over the central programming of many of their
computers and disrupted operations. 
   
The intrusion appears to be aimed at Internet service providers' Internet
Message Access Protocol (IMAP) servers, which manage e-mail
systems. Networks running the Linux operating system version 5.0 from Red
Hat Software Inc. on Intel Corp.-based machines appear to be particularly
susceptible. 
   
The problem was identified in June by the Computer Emergency Response Team
at Carnegie Mellon University. Red Hat, as well as other vendors, posted
software fixes, but not everyone was aware of the breach; some didn't
patch their operating software. Now, hackers are using the weakness to
perpetuate the worm program. The program quietly takes over key components
of the root, or central, program and uses the host computer to probe and
attack other networks without the systems administrator's knowledge. 
   
"The problem with these things is that once they become known, hackers use
the CERT advisories to probe networks," said Daniel Senie, president of
Amaranth Networks Inc. Someone tried to break into Senie's network to find
the IMAP weak spot, but the firewall held. The hacker left a few clues
behind: The attacks came from California Polytechnic State University, the
City University of New York and several other schools. But those locations
aren't likely to be the hackers' home base. "They've done a reasonable job
making it look like the [code] they added was there all along," he said. 

-o-
Subscribe: mail majordomo@repsec.com with "subscribe isn".
Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]
Received on Tue Dec 8 09:01:14 1998