| Port No | 1978 |
| Service Name | ELF/Slapper |
| RFC Doc | 0 |
| Protocol | TCP |
| Description | This worm, a variant of ELF_SLAPPER.GEN, uses the SSL exploit in Apache Web server to gain access to the host computer. Once it has infiltrated the host computer, it can later launch a Distributed Denial of Service (DDoS) attack on a specific host. Consult ELF_SLAPPER.GEN for the specific versions of these SSL and Apache exploits and the details of the DDoS operation. This variant uses different port numbers to communicate and uses different filenames to copy itself. This variant creates a startup entry to execute itself automatically every hour. It also includes a shell script component that collects information about the target computer and sends this information to the author of the virus. |
| Reference Link | ELF/Slapper |
| Attack | SOLUTION : 1.Shut down the Apache Web service. 2.Scan your system with Trend Micro antivirus and delete all files detected as ELF_SLAPPER.B. To do this, Trend Micro customers must download the latest pattern file and scan their system. 3.Remove the worm entry in the crontab configuration file. This prevents the worm from automatically executing itself. 4Use any available process viewer program to view and terminate the .cinik process. Note: In order to avoid getting infected by ELF_SLAPPER.B, users are strongly encouraged to upgrade existing versions of OpenSSL to version 0.9.6e or 0.9.7beta3. |
Catch threats immediately
We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.