New Unix worm could be next Code Red

posted onSeptember 11, 2001
by hitbsecnews

A new Internet worm designed to attack a common flaw in Unix systems has been confirmed dead, but security experts are warning that the self-propagating worm could be the next Code Red. The X.C worm exploits a newly discovered hole in the telnet service that is run on most Unix systems. Antivirus companies are concerned that crackers will have learned from the success of the Code Red worm and its variants, and will be encouraged by the length of time that it takes system administrators to patch machines against publicized vulnerabilities.

"This is going to go along the same lines as Code Red, as virus writers will know that a lot of machines will be vulnerable," said Mark Read, systems security analyst for computer security company MIS Corporate Defence Solutions. "This is definitely the way forward with viruses, as it removes the need for humans to double click on attachments in order for the worm to spread, and instead looks for servers that have not been patched."

A new Internet worm designed to attack a common flaw in Unix systems has been confirmed dead, but security experts are warning that the self-propagating worm could be the next Code Red.
The X.C worm exploits a newly discovered hole in the telnet service that is run on most Unix systems. Antivirus companies are concerned that crackers will have learned from the success of the Code Red worm and its variants, and will be encouraged by the length of time that it takes system administrators to patch machines against publicized vulnerabilities.

"This is going to go along the same lines
as Code Red, as virus writers will know that
a lot of machines will be vulnerable," said
Mark Read, systems security analyst for
computer security company MIS Corporate
Defence Solutions. "This is definitely the
way forward with viruses, as it removes the
need for humans to double click on
attachments in order for the worm to
spread, and instead looks for servers that
have not been patched."

The FBI's National Infrastructure Protection
Centre (NIPC) issued an alert on the X.C
worm on August 30th, and analysts at
SecurityFocus have now confirmed that the
spread of the virus has been contained
due to the program's dependency on a file
located on a Web server in Poland. But
infected systems will still be able to break
into other vulnerable hosts, and might have
succeeded in installing "back doors" on
previously attacked systems.

The X.C worm can affect Solaris, SGI IRIX
and Open BSD. It targets a buffer overflow
exploit in the Telnetd system, and attempts
to fetch a copy from the program's source
code named "x.c." from the Polish server
and replicate it on the victim host.

"Telnetd is very insecure when you are connecting to a Unix box from a remote station, as everything is sent across
the network. If someone is using a packet sniffer, it is easy to find out a person's username and password," said
Read.

X.C never posed a serious threat, as it only targeted a limited number of Unix systems. "This could have been a test
version, or was programmed incorrectly," said Read. But security firms are warning that the next version is likely to be
as virulent as Code Red, attacking more popular operating systems such as RedHat 7.0 that include Telnetd in the
default.

ZDNet.

Source

Tags

Networking

You May Also Like

Other Articles In This Section

Recent News

Tuesday, July 9th

China's APT40 gang is ready to attack vulns within hours or days of public release
AI-Powered Super Soldiers Are More Than Just a Pipe Dream
The president ordered a board to probe a massive Russian cyberattack. It never did.
Massive car dealer ransom attack is mostly over after 2 weeks of work-arounds

Wednesday, July 3rd

“RegreSSHion” vulnerability in OpenSSH gives attackers root on Linux
Two of the German military’s new spy satellites appear to have failed in orbit

Friday, June 28th

Indonesian Airports, Data Centres Hit By Worst Cyberattack in Years
Cisco Talos warns of wider security implications following Snowflake breach

Thursday, June 27th

I Wore Meta Ray-Bans in Montreal to Test Their AI Translation Skills. It Did Not Go Well
Researchers upend AI status quo by eliminating matrix multiplication in LLMs
YouTube tries convincing record labels to license music for AI song generator
Critical MOVEit vulnerability puts huge swaths of the Internet at severe risk
Julian Assange to plead guilty but is going home after long extradition fight

Thursday, June 13th

Hackers show off jailbroken checkm8-vulnerable iPad and Apple TV running iPadOS 18 & tvOS 18 respectively
One of the major sellers of detailed driver behavioral data is shutting down
Turkish student creates custom AI device for cheating university exam, gets arrested

Wednesday, June 12th

Chinese-Made Biometric Access System Has 24 Vulnerabilities
Apple and OpenAI currently have the most misunderstood partnership in tech
Adobe to update vague AI terms after users threaten to cancel subscriptions
China state hackers infected 20,000 Fortinet VPNs

Tuesday, June 11th

Russia Is Targeting Germany With Fake Information as Europe Votes
Apple announces macOS 15 Sequoia with window tiling, iPhone mirroring, and more
Apple integrates ChatGPT into Siri, iOS, and macOS
British police to scan 480,000 Formula 1 fans’ faces at Silverstone
Hackers steal “significant volume” of data from hundreds of Snowflake customers

Friday, June 7th

7,000 LockBit decryption keys now in the hands of the FBI, offering victims hope
FCC pushes ISPs to fix security flaws in Internet routing
Can a technology called RAG keep AI models from making stuff up?
How to Lead an Army of Digital Sleuths in the Age of AI

Thursday, June 6th

Mystery object waits nearly an hour between radio bursts
Apple refused to pay bug bounty to Russian cybersecurity firm Kaspersky Lab
Ex-Microsoft security expert torches Windows' new 'Recall' feature
The Age of the Drone Police Is Here

Wednesday, June 5th

Ukrainian Systems Hit by Cobalt Strike Via a Malicious Excel File
TikTok Hack Targets ‘High-Profile’ Users via DMs