Event ID - 143

Port No143
Service NameLinux.ADM.worm
RFC Doc0
ProtocolTCP
DescriptionThis Linux script malware contains several components of scripts and binaries that attempt to exploit the vulnerable BIND (Berkeley Internet Name Domain) systems to gain access as well as attack other systems by copying its package to these vulnerable systems
Reference LinkLinux.ADM.worm
AttackSolutions:

PREVENTING YOUR SYSTEM FROM THIS ATTACK

To make sure that your system is immune from this exploit, you will need to upgrade to the current version of BIND.

REPAIRING THE INFECTED SYSTEM

Type in the following commands on the Linux command prompt:
To delete SUID Root Shell created by the malware, type:
/bin/rm -rf /tmp/.w0rm
To terminate the running malware process from memory, type:
/usr/bin/killall -9 ADMw0rm
To delete worm’s files located in its created subfolder, type:
/bin/rm -rf /tmp/.w0rm0r
To remove the worm user account created by the malware, type:
/usr/sbin/userdel -r w0rm

Catch threats immediately

We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.

See what we caught

Did this information help you to resolve the problem?

Yes: My problem was resolved.
No: The information was not helpful / Partially helpful.