[Dshield] Linux.slapper variant

Peter Stendahl-Juvonen peter.stendahl-juvonen at welho.com
Wed Sep 25 11:32:50 GMT 2002


David, Jesper, John, Roger, et al.

Slapper.A, Slapper.B, ...

Security Alerts (at bottom left page), etc. 
http://www.f-secure.com/
Global Slapper Worm Information Center, at
http://www.f-secure.com/slapper/
Virus Bulletins, at
http://www.f-secure.com/virus-info/
About Slapper variants (descriptions, etc.), at
http://www.f-secure.com/v-descs/slapper.shtml

The OpenSSL security advisory is available at 
http://www.openssl.org/news/secadv_20020730.txt 
CERT(r) advisory is available at: 
http://www.cert.org/advisories/CA-2002-23.html 
Security advisories released by Linux vendors: 
Debian: http://www.debian.org/security/2002/dsa-136 
Mandrake:
http://www.mandrakelinux.com/en/security/2002/MDKSA-2002-046.php 
RedHat: http://rhn.redhat.com/errata/RHSA-2002-155.html 
SuSE: http://www.suse.com/de/security/2002_027_openssl.html


-  Peter
   (psj)

      "To learn something new, take the path that you took yesterday."
           John Burroughs (1837-1921); US author, naturalist.



David Kennedy wrote:

> There are, at least, two newer variants.
> The best technical description I've see so far is:
>
http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21184

- Agree
   psj



list-admin at dshield.org <mailto:list-admin at dshield.org> wrote on Tuesday,
September 24, 2002 6:50 PM: on behalf of: John Daniels [empty lines
indicate <snip(s)>]

> I just got this info from my AV vender, maybe it can help some one.
> 
> 1. New Linux Vandal: Slapper

> 
> * By blocking all unused ports, Slapper has no way of
> accessing your system (- Slapper attempt to enter a system
> by attacking port 2002). In case you are not using SSL, you
> should also block port 443.

About Slapper variants (descriptions, ports, etc.), at
http://www.f-secure.com/v-descs/slapper.shtml

> 
> * If Slapper is already infecting your system, you may be
> able to shut it down by closing its process. The process is
> called ''.bugtraq''.

About Slapper variants (descriptions, ports, filenames, etc.), at
http://www.f-secure.com/v-descs/slapper.shtml

> 
> John Daniels
> 
> The boss said, dont forget before you work on it make sure you unplug
> it?? 




More information about the list mailing list