A new Internet worm designed to attack
a common flaw in Unix systems has been confirmed dead, but security
experts are warning that the self-propagating worm could be the
next Code Red.
The X.C worm exploits a newly discovered
hole in the telnet service that is run on most Unix systems. Antivirus
companies are concerned that crackers will have learned from the
success of the Code Red worm and its variants, and will be encouraged
by the length of time that it takes system administrators to patch
machines against publicized vulnerabilities.
"This is going to go along the same
lines as Code Red, as virus writers will know that a lot of machines
will be vulnerable," said Mark Read, systems security analyst for
computer security company MIS Corporate Defence Solutions. "This
is definitely the way forward with viruses, as it removes the need
for humans to double click on attachments in order for the worm
to spread, and instead looks for servers that have not been patched."
The FBI's National Infrastructure
Protection Centre (NIPC) issued an alert on the X.C worm on August
30th, and analysts at SecurityFocus have now confirmed that the
spread of the virus has been contained due to the program's dependency
on a file located on a Web server in Poland. But infected systems
will still be able to break into other vulnerable hosts, and might
have succeeded in installing "back doors" on previously attacked
systems.
The X.C worm can affect Solaris, SGI
IRIX and OpenBSD. It targets a buffer overflow vulnerability in the
Telnetd system, and attempts to fetch a copy of the program's source
code, named "x.c", from the Polish server and replicate it on the victim
host.
"Telnetd is very insecure when you
are connecting to a Unix box from a remote station, as everything
is sent across the network. If someone is using a packet sniffer,
it is easy to find out a person's username and password," said Read.
X.C never posed a serious threat,
as it only targeted a limited number of Unix systems. "This could
have been a test version, or was programmed incorrectly," said Read.
But security firms are warning that the next version is likely to
be as virulent as Code Red, attacking more popular operating systems
such as Red Hat 7.0 that include Telnetd by default.
By Wendy McAuliffe
ZDNet (UK)