Date:      Wed, 19 Sep 2001 19:20:55 -0700 (PDT)
From:      Bigby Findrake <bigby@bizatch.org>
To:        Dru <genisis@istar.ca>
Cc:        Mike Tancsa <mike@sentex.net>, security@FreeBSD.ORG
Subject:   Re: FreeBSD virus ?
Message-ID:  <1000952455.3ba95287e9d96@webmail2.bizatch.org>
In-Reply-To: <20010919214542.U87443-100000@x1-6-00-50-ba-de-36-33.kico1.on.home.com>
References:  <20010919214542.U87443-100000@x1-6-00-50-ba-de-36-33.kico1.on.home.com>

From the readme in that tarfile:
----------------------------------------
Woodworm - a UNIX virus by Mixter

Disclaimer: This program is distributed under the GNU GPL, which
implies that I take no responsibility for anything it causes.

Well, this one is kinda lame, it is a companion virus.
It will search for ELF files starting from / recursively,
and spawn copies of itself while it renames the original
files (this is the classic companion virus). All it does
to the ELF binaries is change their 6th byte to '0' so
it recognizes them as already targeted.
What are the 'advantages' of this virus? Well, it is portable.
It should be 99.9% POSIX compliant, and with the right includes
compile and run on every UNIX out there.

Payloads: for non-root it displays a nice ANSI graphic,
for root it opens a shell on port 1234. :)

Mixter
----------------------------------------

Quoting Dru <genisis@istar.ca>:

> 
> 
> On Wed, 19 Sep 2001, Mike Tancsa wrote:
> 
> > While grabbing the latest copy of my NAI dat file and looking through the
> > readme to see what's new, I found this in the list of new worms
> >
> >
> > INTERNET WORM (17)
> > ------------------
> > FREEBSD/WOODWORM
> >
> > Huh ?  Looking at their web site, I could not find anything listed as that.
> > Does anyone know what they are talking about ? Dejanews didn't show anything
> > either.
> 
> Hi Mike,
> 
> Wonder if it's referring to this? You're offered the ability to download a
> gzipped file, but I didn't bother as I like my FreeBSD box :)
> 
> http://members.tripod.com/mixtersecurity/progs.html
> 
> Dru
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
> 



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
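
A defender-side check for the marker the quoted README describes, added here as an example and not part of the original message or of any FreeBSD tooling: it walks a directory tree and reports ELF files whose sixth byte is not a valid data-encoding value. Reading "6th byte" as offset 5 (`EI_DATA`) and treating both numeric 0 and ASCII `'0'` as the marker are assumptions, since the README does not say which; the sample headers in `demo()` are constructed.

```python
import os
import stat
import sys
import tempfile

ELF_MAGIC = b"\x7fELF"
EI_DATA = 5             # assumption: the README's "6th byte" is e_ident[5]
VALID_EI_DATA = {1, 2}  # ELFDATA2LSB, ELFDATA2MSB

def classify(header: bytes) -> str:
    """Classify a file from its first EI_DATA + 1 bytes."""
    if len(header) <= EI_DATA or header[:4] != ELF_MAGIC:
        return "not-elf"
    value = header[EI_DATA]
    if value in VALID_EI_DATA:
        return "ok"
    if value in (0x00, 0x30):  # numeric 0 or ASCII '0' (assumed marker forms)
        return "marked"
    return "invalid-ei-data"

def scan(root: str):
    """Yield (path, verdict) for regular files under root with an anomalous ELF header."""
    for dirpath, _dirs, files in os.walk(root, followlinks=False):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                # lstat first so FIFOs, devices and symlinks are never opened
                if not stat.S_ISREG(os.lstat(path).st_mode):
                    continue
                with open(path, "rb") as fh:
                    verdict = classify(fh.read(EI_DATA + 1))
            except OSError:
                continue  # unreadable or vanished file: skip, keep scanning
            if verdict in ("marked", "invalid-ei-data"):
                yield path, verdict

def demo():
    """Run scan() over a temp tree of constructed headers (not real samples)."""
    samples = {"clean": b"\x7fELF\x02\x01\x01",
               "flagged": b"\x7fELF\x02" + b"0" + b"\x01",
               "script": b"#!/bin/sh\n"}
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in samples.items():
            with open(os.path.join(tmp, name), "wb") as fh:
                fh.write(data)
        return sorted((os.path.basename(p), v) for p, v in scan(tmp))

if __name__ == "__main__":
    hits = scan(sys.argv[1]) if len(sys.argv) > 1 else demo()
    for path, verdict in hits:
        print(f"{verdict}\t{path}")
```

A hit only means the header byte is anomalous; confirm against package checksums or a known-good copy before treating a file as affected.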



