Event ID - 1052

Port No1052
Service NameApache Worm
RFC Doc0
ProtocolTCP
Description This Linux Trojan is a malicious tool that exploits a vulnerability in the Apache web server. The vulnerability, which affects systems affects systems running Apache versions 1.3 to 1.3.24 and versions 2.0 to 2.0.36, is described in the following document:

http://httpd.apache.org/info/security_bulletin_20020620.txt

This Trojan adds a user named "hakr" with root privileges to vulnerable systems. It also allows remote users to execute shell commands on vulnerable systems.
Reference LinkAPACHE
AttackSolutions:

Applying Patches
This malware exploits a known vulnerability in the Apache web server. It affects Linux systems running Apache version 1.3 to 1.3.24 and versions 2.0 to 2.0.36. Upgrading to later versions of Apache web server will address the vulnerability.
Removing Added User Open the /etc/passwd file and delete the following line:

hakr::0:0::/:/bin/sh
The line is located either at the end or near the end of the file.

Catch threats immediately

We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.

See what we caught

Did this information help you to resolve the problem?

Yes: My problem was resolved.
No: The information was not helpful / Partially helpful.