I received this information from one of my co-workers. It's worth checking to see if you have this thing. Gene Collins Date: Thu, 5 Apr 2001 07:59:14 -0500 To: ua at iastate.edu From: Jeff Balvanz <jbalvanz@xxxxxxxxxxx> Subject: Adore worm for Linux worm in wild and on campus A new Linux worm has been detected on campus. The Adore worm exploits known vulnerabilities in LPRng, rpc-statd, wu-ftpd and BIND. (LPRng is installed on Red Hat 7 systems by default.) It mails critical system information to four e-mail addresses, then installs a backdoor. The worm then scans the network for other vulnerable systems, generating a large amount of network traffic. A script for detecting and removing the worm files is available at the URL http://www.sans.org/y2k/adorefind-0.2.0.tar.gz. For prevention, install updates to the components above (see your Linux distributor for more details.) For more information, see the URL http://www.sans.org/y2k/adore.htm.
