Slapper Worm
Matt Alexander
plug-discuss@lists.plug.phoenix.az.us
Fri, 27 Sep 2002 13:10:39 -0700 (PDT)
The Slapper Worm exploits an OpenSSL vulnerability that affects Apache
servers running modssl. If you're running a default install of any Linux
distro and haven't patched your system for this, then you've most likely
been compromised.
~M
On Fri, 27 Sep 2002, Phil Mattison wrote:
> I got an email from some outfit in Europe today claiming that my web server
> was sending their server UDP packets in a denial-of-service attack cause by
> the Slapper Worm. I was unable to find any of the indications as mentioned
> in the documentation on this virus that my system was infected. I did,
> however, find that someone had created a huge file named upgrade-modssl (or
> some such thing) that ate up all my free space. The owner:group of the file
> indicated it was created through the Apache server somehow. Has anyone seen
> something like this before, or know how a hacker might constipate your file
> system like that?
> --
> Phil Mattison
> Ohmikron Corp.
> 480-722-9595
> 602-820-9452 Mobile
>
> -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
> PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change you mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>