This binary is capable of providing remote execution with full administrator privilege to an attacker who places it on a target system. If you think your systems may have been compromised with this malware, you should take steps to effect cleanup (see http://www.cert.org). Further detail on the specifics of this malware can be found at: advisory.html.
This binary is only known to affect Linux systems. It could be introduced to a Linux system by shellcode or another network attack, or by social engineering. The principal vulnerable systems would be Linux hosts running insecure or outdated software as root. It is also possible that a local administrator could be tricked into running the binary.
This program is presently NOT expected to propagate in a virulent manner, and we have no current concern about a widespread outbreak. However, any system that has been successfully infected may be used by an intruder to propagate other attacks.
Based on the network connection methods employed by this malware, we strongly advise any organization that finds it has been penetrated with this binary to look at its infrastructure and ISP connection access security.
Copyright © 2002 FW Systems LLC, All Rights Reserved