Posted by
CmdrTaco
on from the random-dune-reference-here dept.
randomErr writes "The worms, Slapper.B and
Slapper.C, which exploits a known buffer overrun vulnerability in the Secure Sockets Layer 2.0 (SSLv2) handshake process has infected thousands of Web servers worldwide, according to Helsinki-based F-Secure Corp., a computer and network security company. "
what does it look like?
by
Anonymous Coward
·
· Score: 5, Interesting
What should I look for in my apache logs to see if Im being "hit" by it? Anyone have an example?
your friendly neighborhood AC
"Wget"ing its source
by
N+Monkey
·
· Score: 5, Interesting
From the article:
According to researchers at F-Secure, the Slapper.B worm variant is able to retrieve its source code from a Web page after the worm has been removed from infected servers. The worm uses a common free software utility, wget, to retrieve its source code from an infected Web page in the home.ro domain.
Administrators of the domain, which is located in Romania, have been notified and the infected page has been deleted from the site, according to F-Secure.
Rather than simply having deleted the page, I wonder if it would have possible to replace this source code with something else that acted as an "antibody"?
Slashdot Mirror
What should I look for in my apache logs to see if Im being "hit" by it? Anyone have an example?
your friendly neighborhood AC
Rather than simply having deleted the page, I wonder if it would have possible to replace this source code with something else that acted as an "antibody"?