[oclug] further info on Lion worm
burns at burnsmacdonald.com
Wed Mar 28 20:17:21 EST 2001
Tom Goulet wrote:
> On Wed, Mar 28, 2001 at 12:16:50PM -0500, Dave Edwards wrote:
>> However, why is this one being called a ``Linux virus?'' Surely it will
>> affect any Unix server running the pre-fix Bind?
> I'm just assuming the virus is actually a Linux binary.
Strictly speaking, it is a trojan.
The delivery vehicle targets directory structures unique to Linux. The
payload exploits a known BIND vulnerability common to all BIND versions,
(including Unix) less than v8.23 (I believe).
More information about the OCLUG