[Dshield] Linux.slapper variant

Peter Stendahl-Juvonen peter.stendahl-juvonen at welho.com
Wed Sep 25 11:32:50 GMT 2002

David, Jesper, John, Roger, et al.

Slapper.A, Slapper.B, ...

Security Alerts (at bottom left page), etc. 
Global Slapper Worm Information Center, at
Virus Bulletins, at
About Slapper variants (descriptions, etc.), at

The OpenSSL security advisory is available at 
CERT(r) advisory is available at: 
Security advisories released by Linux vendors: 
Debian: http://www.debian.org/security/2002/dsa-136 
RedHat: http://rhn.redhat.com/errata/RHSA-2002-155.html 
SuSE: http://www.suse.com/de/security/2002_027_openssl.html

-  Peter

      "To learn something new, take the path that you took yesterday."
           John Burroughs (1837-1921); US author, naturalist.

David Kennedy wrote:

> There are, at least, two newer variants.
> The best technical description I've see so far is:

- Agree

list-admin at dshield.org <mailto:list-admin at dshield.org> wrote on Tuesday,
September 24, 2002 6:50 PM: on behalf of: John Daniels [empty lines
indicate <snip(s)>]

> I just got this info from my AV vender, maybe it can help some one.
> 1. New Linux Vandal: Slapper

> * By blocking all unused ports, Slapper has no way of
> accessing your system (- Slapper attempt to enter a system
> by attacking port 2002). In case you are not using SSL, you
> should also block port 443.

About Slapper variants (descriptions, ports, etc.), at

> * If Slapper is already infecting your system, you may be
> able to shut it down by closing its process. The process is
> called ''.bugtraq''.

About Slapper variants (descriptions, ports, filenames, etc.), at

> John Daniels
> The boss said, dont forget before you work on it make sure you unplug
> it?? 

More information about the list mailing list