This seems so similar to the Millennium Internet Worm that hit me a couple years ago. Strange thing is, there is so little about it on the Internet (Google search for "millennium internet worm" shows 9 hits, all but two are from my e-mails or web site). The other two are in Korea, which seem to describe how to launch a similar worm.

I know this thing is still out there, and still works on Red Hat, as I have received e-mail about it as recently as November, 2000. Red Hat closed the trouble ticket without explanation, just "It is closed", so it is not fixed. I guess there are not too many outbreaks of MIW to concern too many people.

George

Kevin Brown wrote:
>
> Looks to be an automated self propagating script. Uses lpr or wuftp
> vulnerabilities to get in, closes the holes, installs a root kit and then tries
> to find a new site to hit. So unlike a Windows worm that just needs an idiot
> user to propagate it, this one requires that the admin didn't close those two
> holes by either upgrading the daemons or, as I do, shutting them
> off/uninstalling the unnecessary rpms.
>
> > > this bears reading folks....
> > > looks like the cyberpunks are at it again. :(
> > > http://www.theregister.co.uk/content/6/16168.html
> >
> > I always knew there was a connection between worms and ramen noodles.
>
> ________________________________________________
> See http://PLUG.phoenix.az.us/navigator-mail.shtml if your mail doesn't post to the list quickly and you use Netscape to write mail.
>
> Plug-discuss mailing list - Plug-discuss@lists.PLUG.phoenix.az.us
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss