high
Summary
Summary
Action- More Information
| Detected by | All Sophos products |
|---|---|
Free virus scan
- Free virus, spyware, and adware scan
- Test your existing anti-virus protection
- Find threats your anti-virus missed
Action
- Summary
- Action
- More Information
Please follow the instructions for removing infected executable files.
More Information
Please note: This worm does not infect Windows users.
This is an internet worm for Linux. It attempts to use three remote exploits to gain access to computers running
Once executed the worm remains running until the machine is switched off. While the worm is active it will choose a class B internet network at random and probe all addresses in the range looking for machines to infect.
The worm may delete /usr/sbin/lpd or /sbin/rpc.statd or /usr/sbin/rpc.statd to close the exploit it used to gain access to the system.
In order to propagate copies of itself it installs a service named asp, either by appending a line to /etc/inetd.conf or by overwriting the file /etc/xinetd.conf. The worm replaces all index.html files on the computer with an HTML file containing the text
'Hackers looooooooooooooooove noodles.'Sophos recommends Red Hat Linux users update their systems with the latest security patches.
For more information, please consult the Red Hat Linux website.
|
