Event ID - 10100

Port No10100
Service NameELF_SLAPPER
RFC Doc0
ProtocolTCP
DescriptionThis Linux worm is a variant of ELF_SLAPPER.GEN. It uses the SSL exploit in Apache Web server to gain access to the host computer. Once it has infiltrated the host computer, it can launch a DDoS attack on a specific host.

*Consult ELF_SLAPPER.GEN for the specific versions of these SSL and Apache exploit and the details of the DDoS operation.

Compared with ELF_SLAPPER.GEN, this variant uses a different port number to communicate and different filenames under which it copies itself.

This worm also mails information on the compromised machine to a specific email address. It has a backdoor component that listens on port number 1052 for files that it downloads and executes.
Reference LinkELF_SLAPPER
AttackSolution:

Shut down the Apache Web service.
Scan your system with Trend Micro antivirus and delete all files detected as ELF_SLAPPER.C. To do this, Trend Micro customers must download the latest pattern file and scan their system.
Use any available process viewer program to view and terminate the .unlock* process.

Note: In order to avoid getting infected by ELF_SLAPPER.C, users are strongly encouraged to upgrade existing versions of OpenSSL to version 0.9.6e or 0.9.7beta3.

Catch threats immediately

We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.

See what we caught

Did this information help you to resolve the problem?

Yes: My problem was resolved.
No: The information was not helpful / Partially helpful.