1999 Mar 29
Re: ADM Worm. Worm for Linux x86 found in wild. (fwd)
...gimmieip" binary takes care
> of that. Someone with more time can dissect it and post the results.
True, it will start with a random IP number, then scan sequentially
onwards, e.g. 1.1.1.1 1.1.1.2 etc. and re-start at 255.255.255.255.
The infection routine works like this (shell script):
./gimmeip | ./incremental | ./scanner | ./exploit
> As far as disinfection, I have not had time to work up a disinfection
> procedure. It could be as simple as rebooting to single-user and deleting
Yes, it's simple. Remove the "w0rm" user from /etc/passwd and kill its
processes. The securi...