X.C is continuing the trend for worms that look for unpatched systems rather than clueless individuals
A new Internet worm designed to attack a common flaw in Unix systems has been confirmed dead, but security experts are warning that the self-propagating worm could be the next Code Red.
The X.C worm exploits a newly discovered hole in the telnet service that is run on most Unix systems. Antivirus companies are concerned that crackers will have learnt from the success of the Code Red worm and its variants, and will be encouraged by the length of time that it takes system administrators to patch machines against publicised vulnerabilities.
"This is going to go along the same lines as Code Red, as virus writers will know that a lot of machines will be vulnerable," said Mark Read, systems security analyst for computer security company MIS Corporate Defence Solutions. "This is definitely the way forward with viruses, as it removes the need for humans to double click on attachments in order for the worm to spread, and instead looks for servers that have not been patched."
The X.C worm can affect Solaris, SGI IRIX and OpenBSD. It targets a buffer overflow vulnerability in the telnetd service, and attempts to fetch a copy of the program's source code, named "x.c", from a Polish server and replicate it on the victim host.
"Telnetd is very insecure when you are connecting to a Unix box from a remote station, as everything is sent across the network. If someone is using a packet sniffer, it is easy to find out a person's username and password," said Read.
News source: ZDNet News UK