Re: [tlug] possible trojan..not sure...help please

[Jonathan Q <jq@example.com>]

On Wednesday 16 April 2003 14:37, Godwin Stewart wrote:
> And Thus Spake "Thomas Kruemmer" <tkruemmer@example.com> (on Wed, 16 Apr
>
> 2003 08:42:52 +0900):
> > It spreads by scanning random class B IP networks for hosts that are
> > vulnerable to a remote exploit in the Bind name service daemon. Once it
> > has found a candidate for infection it attacks the remote machine and, if
> > successful, downloads and installs a package from coollion.51.net.
>
> I take it this means that if I'm running a non-vulnerable BIND, or if my
> BIND isn't open to the world (only used as a local nameserver) then I'm
> safe from this one?

From sans.org:

It is known to infect BIND version(s) 8.2, 8.2-P1, 8.2.1, 8.2.2-Px. BIND 8.2.3-REL
and BIND 9 are not vulnerable. The BIND vulnerability is the TSIG vulnerability
that was reported back on January 29, 2001.

The complete text is here:
http://www.sans.org/y2k/lion.htm

-- 
Jonathan Q
GPG key ID: ACC46EF9 (E52E 8153 8F37 74AF C04D  0714 364F 540E ACC4 6EF9)
To get my public key: gpg --recv-keys --keyserver pgp.mit.edu ACC46EF9

Attachment: pgp00059.pgp
Description: signature