[LON-CAPA-dev] detecting and removing slapper....

Scott Harrison lon-capa-dev@mail.lon-capa.org
Tue, 17 Sep 2002 13:29:02 -0400


Dear All:

More information from 
http://www.f-secure.com/v-descs/slapper.shtml

REMOVAL 

  The worm is visible in the infected system as a process ".bugtraq". An
  infected system can be disinfected by
  terminating the worm's process, and by removing the files created in the
  temporary directory: 

          /tmp/.uubugtraq
          /tmp/.buqtraq.c
          /tmp/.bugtraq

  The Apache web server must be shut down as well and the OpenSSL library
  must be upgraded to a fixed
  version (0.9.6e or above) in order to avoid reinfection. 

Regards,
Scott

-- 
Scott Harrison, sharrison@users.sourceforge.net
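
An added example, not part of the original message or the F-Secure description: shell helpers that check a host for the indicators listed above (the ".bugtraq" process and the three /tmp files) and test whether an OpenSSL version string is 0.9.6e or above. The function names and the `--audit` switch are assumptions for illustration. A version string does not show distribution backports, so anything older or unparseable is reported as not confirmed fixed.

```shell
#!/bin/sh
# Added example (hypothetical helper names); indicators are those listed in the message.
SLAPPER_FILES=".uubugtraq .buqtraq.c .bugtraq"

# Print each indicator file that exists in the given directory (default /tmp).
find_slapper_files() {
    dir="${1:-/tmp}"
    for name in $SLAPPER_FILES; do
        if [ -e "$dir/$name" ]; then printf '%s\n' "$dir/$name"; fi
    done
}

# Read "PID COMMAND" lines on stdin; print PIDs whose command name is .bugtraq.
slapper_pids() {
    awk '{ n = split($2, p, "/"); if (p[n] == ".bugtraq") print $1 }'
}

# Map "0.9.6e" to a sortable integer (90605); fail on anything unparseable.
version_key() {
    printf '%s\n' "$1" | awk '{
        if (!match($0, /^[0-9]+\.[0-9]+\.[0-9]+[a-z]?$/)) exit 1
        last = substr($0, length($0))
        letter = (last ~ /[a-z]/) ? index("abcdefghijklmnopqrstuvwxyz", last) : 0
        split($0, n, ".")
        print n[1] * 1000000 + n[2] * 10000 + (n[3] + 0) * 100 + letter
    }'
}

# Succeed only if the version string is 0.9.6e or above.
openssl_is_fixed() {
    key=$(version_key "$1") || return 1
    [ "$key" -ge 90605 ]
}

# Report findings on the local host; returns non-zero if anything needs attention.
audit_host() {
    status=0
    pids=$(ps -e -o pid= -o comm= | slapper_pids)
    if [ -n "$pids" ]; then echo "process .bugtraq running, PID(s): $pids"; status=1; fi
    files=$(find_slapper_files /tmp)
    if [ -n "$files" ]; then echo "worm files present:"; echo "$files"; status=1; fi
    ver=$(openssl version 2>/dev/null | awk '{ print $2 }')
    if ! openssl_is_fixed "$ver"; then
        echo "OpenSSL '$ver' not confirmed as 0.9.6e or above"; status=1
    fi
    return $status
}

if [ "${1:-}" = "--audit" ]; then audit_host; fi
```

The version check reads the `openssl` command on the PATH; the library Apache actually loads may be a different build and should be checked separately.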