|
Description:
This Linux worm is a variant of ELF_SLAPPER.GEN. It uses the SSL exploit in Apache Web server to gain access to the host computer. Once it has infiltrated the host computer, it can launch a DDoS attack on a specific host.
*Consult ELF_SLAPPER.GEN for the specific versions of these SSL and Apache exploit and the details of the DDoS operation.
Compared with ELF_SLAPPER.GEN, this variant uses a different port number to communicate and different filenames under which it copies itself.
This worm also mails information on the compromised machine to a specific email address. It has a backdoor component that listens on port number 1052 for files that it downloads and executes.
For additional information about this threat, see:
Solution
Technical Details
Description created: Sep. 24, 2002 5:02:44 AM GMT -0800
Search a new malware
Tell us how we did. Take our quick survey.
|
Save & Share
