Basically, if you haven’t gotten it, it’s a self spreading patch for the 1i0n worm. It even closes the backdoor behind it and then starts scanning for other infected computers, port 10008 goes crazy.
Interestingly enough, the author put this in:
# removes rootshells running from /etc/inetd.conf
# after a l10n infection… (to stop pesky haqz0rs
# messing up your box even worse than it is already)
# This code was not written with malicious intent.
# Infact, it was written to try and do some good.
Pretty interesting, eh? I didn’t enjoy it, but the idea of a “good” virus is kind of interesting. Why doesn’t Microsoft release patches like this? peer to peer self patching software. Hmmmm…..
