Event ID - 1978

Port No: 1978
Service Name: ELF/Slapper
RFC Doc: 0
Protocol: TCP
Description: This worm, a variant of ELF_SLAPPER.GEN, uses the SSL exploit in Apache Web server to gain access to the host computer. Once it has infiltrated the host computer, it can later launch a Distributed Denial of Service (DDoS) attack on a specific host. Consult ELF_SLAPPER.GEN for the specific versions of these SSL and Apache exploits and the details of the DDoS operation. This variant uses different port numbers to communicate and uses different filenames to copy itself. This variant creates a startup entry to execute itself automatically every hour. It also includes a shell script component that collects information about the target computer and sends this information to the author of the virus.
Reference Link: ELF/Slapper
Attack:
SOLUTION:

1. Shut down the Apache Web service.
2. Scan your system with Trend Micro antivirus and delete all files detected as ELF_SLAPPER.B. To do this, Trend Micro customers must download the latest pattern file and scan their system.
3. Remove the worm entry in the crontab configuration file. This prevents the worm from automatically executing itself.
4. Use any available process viewer program to view and terminate the .cinik process.

Note: In order to avoid getting infected by ELF_SLAPPER.B, users are strongly encouraged to upgrade existing versions of OpenSSL to version 0.9.6e or 0.9.7beta3.
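
The following shell helpers for steps 3 and 4 are an added example, not code from the vendor or the original entry. They assume the worm's crontab entry contains the `.cinik` name this entry gives for the worm process; the sample crontab and its `/tmp` path are constructed for illustration.

```shell
#!/bin/sh
# Added example (not vendor code): helpers for steps 3 and 4.
# Assumption: the worm's crontab entry contains the ".cinik" name
# that the entry gives for the worm process.
MARKER='.cinik'

# Constructed sample crontab; the /tmp path is illustrative only.
SAMPLE_CRONTAB='# m h dom mon dow command
15 3 * * * /usr/local/bin/rotate-logs
0 * * * * /tmp/.cinik >/dev/null 2>&1'

# stdin: crontab text. stdout: active (non-comment) lines naming the marker.
suspect_cron_lines() {
    grep -v '^[[:space:]]*#' | grep -F -- "$MARKER" || true
}

# stdin: crontab text. stdout: the same text without any line naming the marker.
clean_crontab() {
    grep -v -F -- "$MARKER" || true
}

# stdin: "PID COMMAND" pairs. stdout: PIDs whose command name is exactly the marker.
match_pids() {
    awk -v m="$MARKER" '$2 == m { print $1 }'
}

# Step 4: list PIDs of running .cinik processes for review before terminating them.
cinik_pids() {
    ps -eo pid=,comm= | match_pids
}

# Step 3: back up the current user's crontab, then reinstall it without the worm entry.
fix_crontab() {
    backup="${HOME}/crontab.backup.$$"
    crontab -l > "$backup" 2>/dev/null || { rm -f "$backup"; echo "no crontab installed"; return 0; }
    if [ -n "$(suspect_cron_lines < "$backup")" ]; then
        clean_crontab < "$backup" | crontab -
        echo "worm entry removed; original saved to $backup"
    else
        echo "no $MARKER entry found"
    fi
}
```

Source the file and run `fix_crontab` under each account that has a crontab, then use `cinik_pids` to confirm which processes remain before terminating them.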
