A dangerous worm is spreading across the Internet and infecting Linux servers running vulnerable domain name software, the SANS Institute warned this morning. Called Lion, the worm steals passwords, installs and hides other hacking tools on infected systems, and then uses those systems to seek other servers to attack, SANS said. The Bethesda, Md.-based research organization for systems administrators and security managers added that the worm may also have the potential to attack Unix servers.
Lion takes advantage of a vulnerability in the Internet Software Consortium's Berkeley Internet Name Domain (BIND) server that was disclosed in January (see story). BIND allows Domain Name System (DNS) servers to translate text-based Web addresses, such as Computerworld.com, into appropriately numbered IP addresses that can be used by computers to direct traffic on the Net.
The link for this article located at ComputerWorld is no longer available.
