YTSEJAM Digest 5800
Today's Topics:
1) too late...damage done...
by Joshua Rasiel <megafunk@optonline.net>
2) dvd
by Joshua Rasiel <megafunk@optonline.net>
3) TEOF
by Paul Ninnis <PaulN@TimeAndPeople.com.au>
4) Aussie CD Shop
by Paul Ninnis <PaulN@TimeAndPeople.com.au>
5) Re: Response to Fluttering
by "Dark Majesty" <shadow_majesty@hotmail.com>
6) Original Ytsejam T-Shirts
by Tom Tubbiola <ttubbiola@earthlink.net>
7) Re: TEOF
by Mauricio Martínez <al769526@mail.mty.itesm.mx>
8) Re: Aussie CD Shop
by "Paul Tadday" <dreamryche@bigpond.com>
9) The Tea Party DVD
by Michael Kizer <mike@ivorygate.com>
10) Metalfests - Graham's Giglist
by "charles.farrell@mail.tesco.net" <charles.farrell@mail.tesco.net>
11) RE: Colored e-mail
by Steve <steve@wolvie.co.uk>
12) Re: Metalfests - Graham's Giglist
by Graham Borland <graham@picsel.com>
13) Re: Original Ytsejam T-Shirts
by "Kez" <kez@stickdog.com>
14) Re: Original Ytsejam T-Shirts
by "Kez" <kez@stickdog.com>
15) RE: YTSEJAM digest 5799
by "Ashley Wong (ETL)" <ashley.wong@etl.ericsson.se>
16) BlackJack Anyone???
by dfsgwert@mail2.brownwhitegreen.com
17) OFF-TOPIC: Warning to Linux users
by "Souter, Jan-Michael" <JSouter@healthaxis.com>
----------------------------------------------------------------------
Date: Thu, 22 Mar 2001 18:31:30 -0500
From: Joshua Rasiel <megafunk@optonline.net>
To: ytsejam@torchsong.com
Subject: too late...damage done...
Message-ID: <3ABA8B52.F4915836@optonline.com>
> I ordered a yellow ytseshirt, so shut yo' trap!
You've sent me into a spiral of despair and twinkies. Don't back out
now!
-josh
------------------------------
Date: Thu, 22 Mar 2001 18:33:36 -0500
From: Joshua Rasiel <megafunk@optonline.net>
To: ytsejam@torchsong.com
Subject: dvd
Message-ID: <3ABA8BD0.8D44C455@optonline.com>
>Once you have a DVD player, you'll never go back to VHS. The leap in
>sound and picture quality, and convenience, is phenomenal.
yeah, yeah, yeah...just give me the extra tracks and commentaries! That
alone is better than all that picture quality stuff. It's almost the
norm now.
josh
------------------------------
Date: Fri, 23 Mar 2001 10:40:19 +1030
From: Paul Ninnis <PaulN@TimeAndPeople.com.au>
To: ytsejam@torchsong.com
Subject: TEOF
Message-ID: <61BA286C6C56D11187B50000E83A13CB2954BD@EDDIE>
Joined the Symphony X mailing list couple of days back,
received about 2 messages in about 3 hours, then logging
on the next morning with well over 100. Unfortunately
most had nothing to do with music, so ended up unsubscribing.
This digest form is so much more convenient.
------------------------------
Date: Fri, 23 Mar 2001 10:43:31 +1030
From: Paul Ninnis <PaulN@TimeAndPeople.com.au>
To: ytsejam@torchsong.com
Subject: Aussie CD Shop
Message-ID: <61BA286C6C56D11187B50000E83A13CB2954BE@EDDIE>
For any other Australians, I found a cool online CD store,
that doesn't charge the earth, and certainly saves you a lot
of money buying from the US and suffering for the conversion
rate and shipping costs... it's www.metalmayhem.com.au based
in Melbourne.
Bought a few CDs and got them the next day, including a couple of
newies...
Savatage - Poets and Madmen, absolutely sensational, even includes a bonus
Mpeg of Handful of Rain.
Ice Age - Liberation, which isn't bad, but a bit too similar
to The Great Divide... it seems pretty much to be The Great Divide II.
Still very good though.
Anyone got other comments on these discs?
They have a very extensive range... pretty much all of
Symphony X, Stratovarius, Royal Hunt, Fates Warning, Pain Of Salvation,
Vanishing Point, Vanden Plas... you name it.
Oh yea, they said they'll be getting the DT DVD in too, so it may be
cheaper through them than buying from OSt too.
------------------------------
Date: Thu, 22 Mar 2001 18:34:12 -0600
From: "Dark Majesty" <shadow_majesty@hotmail.com>
To: ytsejam@torchsong.com
Subject: Re: Response to Fluttering
Message-ID: <F237xDbH8J0sca0Zkfz000081aa@hotmail.com>
Thanks a lot, man! I'm not too familiar with the Floyd Rose system, and any
help is definitely appreciated.
Now playing: Dream Theater - "Lifting Shadows Off A Dream"
Thanks again,
--96
>>In response to "Dark Majesty's" question about the floyd rose trem:
The instruction manual tells you that the arm should be parallel to the body
as a reference to how much tension you need on your springs vs your strings.
If your arm is up too high, you need to tighten your strings and loosen your
springs in the back of the guitar. That will stabilize the arm and put the
bridge in playing position. Having your bridge aligned incorrectly can
lower the life on your strings and also make the guitar suck to play. I work
at Guitar Center in Baltimore and I take in used Ibanez and Jackson guitars
all the time with poorly treated trem systems. It is a shame to see. Visit
jemsite.com and look at their suggestions for how to get your floyd rose in
perfect shape. If you get your trem set up right, you'll be able to flutter
much better.
Chris<<
------------------------------
Date: Thu, 22 Mar 2001 16:38:09 -0800
From: Tom Tubbiola <ttubbiola@earthlink.net>
To: <ytsejam@torchsong.com>
Subject: Original Ytsejam T-Shirts
Message-ID: <B6DFDAF1.EA0%ttubbiola@earthlink.net>
Hi, I haven't posted here for a couple of years but have been lurking
occasionally. I was doing some spring cleaning and I just found two of the
original black Ytsejam T-Shirts (one XXL and one XXXL). I don't remember how
much they originally were but I never wore them.
They are black with a small ytsejam logo and the words "Ytsejam, the
internet mailing list" on the front at pocket level and a large DREAM
THEATER logo and the phrase "Let the light surround you" on the back. If I
remember correctly, some of the ink is glow in the dark.
If anybody is interested in buying either one or both please drop me an
email at ttubbiola@earthlink.net
Thanks,
Tom Tubbiola
------------------------------
Date: Thu, 22 Mar 2001 21:56:05 -0600
From: Mauricio Martínez <al769526@mail.mty.itesm.mx>
To: <ytsejam@torchsong.com>
Subject: Re: TEOF
Message-ID: <026301c0b34d$31d3ed40$d4aaf094@compaq.net.mx>
dude, you just missed out on a huge DT vs SX thread! it was fun!
Mauricio
----- Original Message -----
From: "Paul Ninnis" <PaulN@TimeAndPeople.com.au>
To: "Multiple recipients of list" <ytsejam@torchsong.com>
Sent: Thursday, March 22, 2001 6:22 PM
Subject: TEOF
>
> Joined the Symphony X mailing list couple of days back,
> received about 2 messages in about 3 hours, then logging
> on the next morning with well over 100. Unfortunately
> most had nothing to do with music, so ended up unsubscribing.
> This digest form is so much more convenient.
------------------------------
Date: Fri, 23 Mar 2001 17:06:22 +1100
From: "Paul Tadday" <dreamryche@bigpond.com>
To: <ytsejam@torchsong.com>
Subject: Re: Aussie CD Shop
Message-ID: <007d01c0b35f$6364f680$643636cb@PaulTadday>
Metal Mayhem also has a shop in the city of Melbourne just near Flinders St
Station (Chris from Vanishing Point works there!), they've been around for
quite some time.
They do import a great range of cd's and vids but they've always been a bit
on the pricey side.
I usually prefer to order through JB HiFi here in Melbourne, they're
usually cheaper.
----- Original Message -----
From: Paul Ninnis <PaulN@TimeAndPeople.com.au>
To: Multiple recipients of list <ytsejam@torchsong.com>
Sent: Friday, March 23, 2001 11:22 AM
Subject: Aussie CD Shop
>
> For any other Australians, I found a cool online CD store,
> that doesn't charge the earth, and certainly saves you a lot
> of money buying from the US and suffering for the conversion
> rate and shipping costs... it's www.metalmayhem.com.au based
> in Melbourne.
------------------------------
Date: Thu, 22 Mar 2001 22:25:49 -0800
From: Michael Kizer <mike@ivorygate.com>
To: ytsejam@torchsong.com, fateswarning@egroups.com
Subject: The Tea Party DVD
Message-ID: <5.0.2.1.0.20010322222035.0287c0e0@pop3.norton.antivirus>
While we are waiting for the Dream Theater DVD, here is an awesome DVD to
check out, The Tea Party's "Illuminations". It contains all of their videos
with four different audio tracks for each one (Stereo 2.0, Dolby Digital
5.1, DTS (oh yeah), and Audio Commentary by the band). Besides all of this
there are a few behind the scenes clips hidden throughout the disc. Plus, I
think I got it for around $16 (US) from www.hmv.com
I definitely recommend this DVD (and the band) highly...
~Michael Kizer < mike@ivorygate.com > < ICQ # 2070538 >
"Enter ivory gates through midnight skies..." ~ http://www.ivorygate.com
>>> Fates Warning ~ Island In The Stream <<<
>>> Dream Theater and Kevin Moore "Unofficial" Song Books <<<
>>> Underground Internet Radio at: http://www.ytseradio.com <<<
------------------------------
Date: Fri, 23 Mar 2001 03:20:05 -0500
From: "charles.farrell@mail.tesco.net" <charles.farrell@mail.tesco.net>
To: "ytsejam@torchsong.com" <ytsejam@torchsong.com>
Subject: Metalfests - Graham's Giglist
Message-ID: <200103230320191.SM04672@m2w024>
Brian,
thanks for those links to those 2 US festivals - I'm trying hard to keep my list of Metal festivals up to date at
http://www.powerplaymagazine.co.uk/bands/festivals/metalfest.htm
I've got 2 lined up for the next week:
Lost Horizon (no buzz about these boys yet???), Dyslesai, Mob Rules, Silent Farce ( :-)) ), Shaman (whoah! Andre Matos returns!) + Rhapsody in Paris on 31st March then I race back to London to catch the
Dimmu Borgir (no thanks), In Flames, Suspiria, Nevermore (yeah!) and Lacuna Coil(drool) show at the Astoria (NB Graham - it's moved from the smaller Mean Fiddler (was LAII) to the Astoria proper (cap 3000) due to demand).
Guess we'll catch up there Graham.
oh yeah and during the week I'm gonna see Doro play in a London pub!
I've got tickets for the Ozrics too, Priest (with Savatage as support!!!!!) and Porcupine Tree (+the marvellous Anathema as support). It's turning out to be a great metal year so far.
Charlie
Powerplay Magazine
http://www.powerplaymagazine.co.uk/
Go on Graham, subscribe - you need this mag, honest :-))))
------------------------------
Date: Fri, 23 Mar 2001 10:25:22 +0000
From: Steve <steve@wolvie.co.uk>
To: ytsejam@torchsong.com
Subject: RE: Colored e-mail
Message-ID: <5.0.2.1.2.20010323101750.01c55240@pop3.btconnect.com>
> > God that last jam was hard to read. Did anyone else in digest mode get it
> > with a black background? I was so frustrated until I realized that by
> > hitting "respond" to it, all of a sudden I had white background and could
> > read everything. :) Heh. Been that kind of a day.
>
>That could be because of the spam, since sometimes it sets different colors
>or fonts.....
>but since you were the only one, maybe not.
Just throwing my 2 cents in.. I get multicolored digests nearly every
time.. in fact 5799 was a nice pastel blue background.. 5798 was green.
The black one a few digests ago if left long enough DID come up with just
the spam web page for UsaBizlinks and no ytse stuff.. this was fixed by
forwarding the message to myself.. the digest came back with a normal
white background and no spam page visible (except as html text somewhere in
the digest).
------------------------------
Date: 23 Mar 2001 12:17:10 +0000
From: Graham Borland <graham@picsel.com>
To: ytsejam@torchsong.com
Subject: Re: Metalfests - Graham's Giglist
Message-ID: <861yrovfw9.fsf@picsel.com>
"charles.farrell@mail.tesco.net" <charles.farrell@mail.tesco.net> writes:
> Dimmu Borgir (no thanks), In Flames, Suspiria, Nevermore (yeah!) and
> Lacuna Coil(drool) show at the Astoria (NB Graham - its moved from
> the smaller Mean Fiddler (was LAII) to the Astoria proper (cap 3000)
> due to demand).
Oh cool. Thanks for telling me!
> Priest (with Savatage as support!!!!!)
Things just get better and better - I'm considering seeing Priest and
Savatage in London as well as Glasgow, since that's the day before the
Spock's Beard show.
You WILL be at the Beard show this time, Charlie! You have no choice
in the matter!
> Its turning out to be a great metal year so far.
Yep. I didn't think I'd manage to beat last year's record of 14 gigs,
but I think I might just manage this year!
> Powerplay Magazine http://www.powerplaymagazine.co.uk/
>
> Go on Graham, subscribe - you need this mag, honest :-))))
Oh, all right. :-)
-- Graham Borland Picsel Technologies Ltd graham@picsel.com Glasgow, Scotland
------------------------------
Date: Fri, 23 Mar 2001 07:27:59 -0500
From: "Kez" <kez@stickdog.com>
To: <ytsejam@torchsong.com>
Subject: Re: Original Ytsejam T-Shirts
Message-ID: <002e01c0b394$b305b000$0300005a@kezp3800>
I'd like the XXL please. Get back to me.
Bryan Keyser aka Kez
----- Original Message -----
From: "Tom Tubbiola" <ttubbiola@earthlink.net>
To: "Multiple recipients of list" <ytsejam@torchsong.com>
Sent: Thursday, March 22, 2001 7:47 PM
Subject: Original Ytsejam T-Shirts
>
> Hi, I haven't posted here for a couple of years but have been lurking
> occasionally. I was doing some spring cleaning and I just found two of the
> original black Ytsejam T-Shirts (one XXL and one XXXL). I don't remember how
> much they originally were but I never wore them.
>
> They are black with a small ytsejam logo and the words "Ytsejam, the
> internet mailing list" on the front at pocket level and a large DREAM
> THEATER logo and the phrase "Let the light surround you" on the back. If I
> remember correctly, some of the ink is glow in the dark.
>
> If anybody is interested in buying either one or both please drop me an
> email at ttubbiola@earthlink.net
>
> Thanks,
> Tom Tubbiola
>
------------------------------
Date: Fri, 23 Mar 2001 07:30:14 -0500
From: "Kez" <kez@stickdog.com>
To: <ytsejam@torchsong.com>
Subject: Re: Original Ytsejam T-Shirts
Message-ID: <003f01c0b395$036dcb40$0300005a@kezp3800>
oops. You think I would have learned by now.
Please ignore the last message, unless you're Tom.
------------------------------
Date: Fri, 23 Mar 2001 16:20:19 +0100
From: "Ashley Wong (ETL)" <ashley.wong@etl.ericsson.se>
To: "'ytsejam@torchsong.com '" <ytsejam@torchsong.com>
Subject: RE: YTSEJAM digest 5799
Message-ID: <0BE3EAFA8B11D3118DFC0008C75D24BE0389E13F@euktcnt011.ericsson.se>
Hello All,
Hey Graham, Charlie et al, I dunno if you know about this one at the Shepherds Bush Empire.
Porcupine Tree at Shepherds Bush Empire, London, UK
May 11th 2001 - Shepherds Bush Empire, London, UK
Special guests will be Anathema and Rothko.
Tickets £12 advance (subject to booking fee) / £14 on the door
With Anathema there I'll be sure to be wearing an extra miserable-Goth face. Anyway, I'm off to see PT and Opeth tonight in Böras!
Ash.
------------------------------
Date: Fri, 23 Mar 2001 09:53:42 -0500
From: dfsgwert@mail2.brownwhitegreen.com
To: soidrufioj@apd.mts.dec.com
Subject: BlackJack Anyone???
Message-ID: <6uucuqp.l3u1nq4837bu6@mail.brownwhitegreen.com>
------------------------------
Date: Fri, 23 Mar 2001 12:38:02 -0600
From: "Souter, Jan-Michael" <JSouter@healthaxis.com>
To: "'ytsejam@torchsong.com'" <ytsejam@torchsong.com>
Subject: OFF-TOPIC: Warning to Linux users
Message-ID: <74ACE5A6CB89D3119E6F00609720274A04B33535@ISDCRE00>
Forwarded over from the Symphony X mailing list --
Hey X'rz, I know we have a few Linux heads here, so I figured I'd forward this. I have confirmed the validity of this warning at several different respected virus sites, so it's not a hoax. http://www.sans.org/y2k/lion.htm
Additionally, there are links to CERT and a few others further down the page.
~NEVER blindly accept these warnings; follow the links and verify them before you send them on~
--------------------------
A DANGEROUS NEW WORM IS SPREADING ON THE INTERNET
March 23, 2001 7:00 AM
Late last night, the SANS Institute (through its Global Incident Analysis Center) uncovered a dangerous new worm that appears to be spreading rapidly across the Internet. It scans the Internet looking for Linux computers with a known vulnerability. It infects the vulnerable machines, steals the password file (sending it to a China.com site), installs other hacking tools, and forces the newly infected machine to begin scanning the Internet looking for other victims. Several experts from the security community worked through the night to decompose the worm's code and engineer a utility to help you discover if the Lion worm has affected your organization. Updates to this announcement will be posted at the SANS web site, http://www.sans.org
DESCRIPTION
The Lion worm is similar to the Ramen worm. However, this worm is significantly more dangerous and should be taken very seriously. It infects Linux machines running the BIND DNS server. It is known to infect bind version(s) 8.2, 8.2-P1, 8.2.1, 8.2.2-Px, and all 8.2.3-betas. The specific vulnerability used by the worm to exploit machines is the TSIG vulnerability that was reported on January 29, 2001.
The Lion worm spreads via an application called "randb". Randb scans random class B networks probing TCP port 53. Once it hits a system, it checks to see if it is vulnerable. If so, Lion exploits the system using an exploit called "name". It then installs the t0rn rootkit.
Once Lion has compromised a system, it:
- Sends the contents of /etc/passwd, /etc/shadow, as well as some network settings to an address in the china.com domain.
- Deletes /etc/hosts.deny, eliminating the host-based perimeter protection afforded by tcp wrappers.
- Installs backdoor root shells on ports 60008/tcp and 33567/tcp (via inetd, see /etc/inetd.conf)
- Installs a trojaned version of ssh that listens on 33568/tcp
- Kills Syslogd, so the logging on the system can't be trusted
- Installs a trojaned version of login
- Looks for a hashed password in /etc/ttyhash
- /usr/sbin/nscd (the optional Name Service Caching daemon) is overwritten with a trojaned version of ssh.
The t0rn rootkit replaces several binaries on the system in order to stealth itself. Here are the binaries that it replaces:
du, find, ifconfig, in.telnetd, in.fingerd, login, ls, mjy, netstat, ps, pstree, top
"Mjy" is a utility for cleaning out log entries, and is placed in /bin and /usr/man/man1/man1/lib/.lib/. in.telnetd is also placed in these directories; its use is not known at this time. A setuid shell is placed in /usr/man/man1/man1/lib/.lib/.x
DETECTION AND REMOVAL
We have developed a utility called Lionfind that will detect the Lion files on an infected system. Simply download it, uncompress it, and run lionfind. This utility will list which of the suspect files is on the system. At this time, Lionfind is not able to remove the virus from the system. If and when an updated version becomes available (and we expect to provide one), an announcement will be made at this site.
Download Lionfind at http://www.sans.org/y2k/lionfind-0.1.tar.gz
REFERENCES
Further information can be found at:
http://www.sans.org/current.htm
http://www.cert.org/advisories/CA-2001-02.html, CERT Advisory CA-2001-02, Multiple Vulnerabilities in BIND
http://www.kb.cert.org/vuls/id/196945 ISC BIND 8 contains buffer overflow in transaction signature (TSIG) handling code
http://www.sans.org/y2k/t0rn.htm Information about the t0rn rootkit.
The following vendor update pages may help you in fixing the original BIND vulnerability:
Redhat Linux RHSA-2001:007-03 - Bind remote exploit
http://www.redhat.com/support/errata/RHSA-2001-007.html
Debian GNU/Linux DSA-026-1 BIND
http://www.debian.org/security/2001/dsa-026
SuSE Linux SuSE-SA:2001:03 - Bind 8 remote root compromise.
http://www.suse.com/de/support/security/2001_003_bind8_txt.txt
Caldera Linux CSSA-2001-008.0 Bind buffer overflow
http://www.caldera.com/support/security/advisories/CSSA-2001-008.0.txt
http://www.caldera.com/support/security/advisories/CSSA-2001-008.1.txt
This security advisory was prepared by Matt Fearnow of the SANS Institute and William Stearns of the Dartmouth Institute for Security Technology Studies. The Lionfind utility was written by William Stearns. William is an Open-Source developer, enthusiast, and advocate from Vermont, USA. His day job at the Institute for Security Technology Studies at Dartmouth College pays him to work on network security and Linux projects. Also contributing efforts go to Dave Dittrich from the University of Washington, and Greg Shipley of Neohapsis
Matt Fearnow
SANS GIAC Incident Handler
If you have additional data on this worm or a critical question please email lionworm@sans.org
------------------------------
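The file and inetd indicators listed in the forwarded advisory, turned into an offline sweep (an added example, not part of the advisory and not the Lionfind utility). It assumes the suspect disk is mounted read-only at a path given on the command line, because the advisory says the rootkit replaces ls, find and ps on the live host; reading a numeric first field in inetd.conf as the port, resolving service names through the image's /etc/services, and flagging any root shell started by inetd are assumptions that go beyond the advisory's list.

```python
import os
import re
import stat
import sys

# Indicators copied from the advisory text above; this is not Lionfind.
CREATED = [
    "/etc/ttyhash",                            # hashed password for the trojaned login
    "/usr/man/man1/man1/lib/.lib",             # hidden t0rn directory
    "/usr/man/man1/man1/lib/.lib/.x",          # setuid shell
    "/usr/man/man1/man1/lib/.lib/mjy",         # log cleaner
    "/usr/man/man1/man1/lib/.lib/in.telnetd",
    "/bin/mjy",
    "/bin/in.telnetd",
]
DELETED = ["/etc/hosts.deny"]                  # weak signal: some hosts never had one
BACKDOOR_PORTS = {"60008", "33567"}            # inetd root shells per the advisory
SHELLS = {"sh", "bash", "ash", "csh", "tcsh", "ksh"}   # assumption: common shell names


def in_image(root, path):
    """Map an absolute path from the advisory onto the mounted image."""
    return os.path.join(root, path.lstrip("/"))


def read_lines(root, path):
    """Return a config file's non-empty, non-comment lines as (line_no, fields)."""
    try:
        with open(in_image(root, path), errors="replace") as fh:
            rows = [(n, line.split("#", 1)[0].split()) for n, line in enumerate(fh, 1)]
    except OSError:
        return []
    return [(n, f) for n, f in rows if f]


def tcp_services(root):
    """Build {service name or alias: port} from the image's /etc/services."""
    ports = {}
    for _, f in read_lines(root, "/etc/services"):
        if len(f) >= 2 and f[1].endswith("/tcp"):
            for name in [f[0]] + f[2:]:
                ports[name] = f[1].split("/", 1)[0]
    return ports


def check_inetd(root):
    """Flag inetd entries on the advisory's ports, plus any root shell listener."""
    findings, services = [], tcp_services(root)
    for n, f in read_lines(root, "/etc/inetd.conf"):
        if len(f) < 6:                          # service type proto wait user server
            continue
        service, user, server = f[0], re.split(r"[.:]", f[4])[0], f[5]
        port = service if service.isdigit() else services.get(service)
        if port in BACKDOOR_PORTS:
            findings.append(f"inetd.conf:{n}: listener on {port}/tcp")
        elif user == "root" and os.path.basename(server) in SHELLS:
            findings.append(f"inetd.conf:{n}: root shell on service {service}")
    return findings


def sweep(root):
    """Return findings for an image mounted read-only at `root`."""
    findings = []
    for path in CREATED:
        full = in_image(root, path)
        if os.path.lexists(full):               # lexists: do not follow image symlinks
            suid = " (setuid)" if os.lstat(full).st_mode & stat.S_ISUID else ""
            findings.append(f"present: {path}{suid}")
    findings += [f"missing: {p}" for p in DELETED
                 if not os.path.lexists(in_image(root, p))]
    return findings + check_inetd(root)


if __name__ == "__main__":
    for finding in sweep(sys.argv[1] if len(sys.argv) > 1 else "/"):
        print(finding)
```

The sweep does not cover the listener on 33568/tcp or the overwritten /usr/sbin/nscd, which need a port check from another host and a comparison against known-good package checksums.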
End of YTSEJAM Digest 5800 **************************
This archive was generated by hypermail 2b30 : Thu Apr 01 2004 - 19:10:53 EST