[LON-CAPA-admin] detecting and removing slapper....
Scott Harrison
sharrison at users.sourceforge.net
Tue Sep 17 13:29:02 EDT 2002
Dear All:
More information from
http://www.f-secure.com/v-descs/slapper.shtml
REMOVAL
The worm is visible in the infected system as a process ".bugtraq". An
infected system can be disinfected by
terminating the worm's process, and by removing the files created into
temporary directory:
/tmp/.uubugtraq
/tmp/.buqtraq.c
/tmp/.bugtraq
The Apache web server must be shut down as well and the OpenSSL libary
must be upgraded to a fixed
version (0.9.6e or above) in order to avoid reinfection.
Regards,
Scott
--
Scott Harrison, sharrison at users.sourceforge.net
More information about the LON-CAPA-admin
mailing list