[ale] Slapper

James P. Kinney III jkinney at localnetsolutions.com
Fri Oct 25 15:35:39 EDT 2002


That one, like most, spews crap all over the place. There's junk in /dev
and a bazillion other places. The initial insertion point infects /tmp
as it's world writable. It puts a lot of stuff in "." files in /tmp.

It also steals the private-key for your ssl setup.

Since you have a RedHat 7.2 box, rpm -Va will tell you which system
files have been altered. It won't tell you about the other crap the
@$$hole installed, though. 

The best bet is to grab off your /etc (I don't know of any slapper crap
that attacks /etc    yet) and the other "data" and rebuild the system
from fresh install.

Uggh. 

On Fri, 2002-10-25 at 15:15, cfowler wrote:
> I have a 7.2 box that has been hit.  How do I remove the worm?  I am
> upgrading my packages now
> 
> 
> 
> 
> ---
> This message has been sent through the ALE general discussion list.
> See http://www.ale.org/mailing-lists.shtml for more info. Problems should be 
> sent to listmaster at ale dot org.
-- 
James P. Kinney III   \Changing the mobile computing world/
President and CEO      \          one Linux user         /
Local Net Solutions,LLC \           at a time.          /
770-493-8244             \.___________________________./

GPG ID: 829C6CA7 James P. Kinney III (M.S. Physics)
<jkinney at localnetsolutions.com>
Fingerprint = 3C9E 6366 54FC A3FE BA4D 0659 6190 ADC3 829C 6CA7 



 This is a digitally signed message part




More information about the Ale mailing list