I've been reading a couple of different things about Carko, and I'm
still trying to figure out what it is. According to the Korean gov, it's
a worm that attacks BIND. According to incedents.org
(http://www.incidents.org/news/carko.php) it's a DDoS utility that
exploits a bux in snmpXdmid. CERT is reporting that it is a variant of
Stacheldraht. If you do a search on SecurityFocus for Carko, you'll get
a bunch of articles, all with major differences. Every site seems to
have a different accounting of what it is, how it works, and what the
exposure rate is. Either this is the most heavily mutated software in
history, or someone is having fun with the press.
C-Ya,
Kenny
> Andrew Bacchi wrote:
>
> I did not see this warning posted here, so I'm sending it along. It
> attacks DNS vulnerbilities.
>
> http://www.linuxsecurity.net/articles/network_security_article-2933.html
>
> --
> Andrew G. Bacchi
> System Manager
> Hanover Capital Management (dba AIRS)
> 35 So. Main St.
> Hanover, NH 03755
> 603 643-8789 office
> 603 359-2868 cell
**********************************************************
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**********************************************************
