Hi. Jean Christophe ANDRÃ0/00 wrote:
Same idea here this night! :)
Hehe :)
I was thinking about the *good* way to do it... May be something like this (root mail, some wait, virus self-kill): /bin/ls -la /tmp | /bin/mail -s "You have been infected by the Slapper worm" root /bin/sleep 300 # to wait for the propagation, some network are slow /bin/kill -9 $PPID # *MUST* CHECK IF IT WILL REALLY KILL THE *RIGHT* ONE!!
The problem will be: every command that slapper executes runs with the uid of the infiltrated ssl webserver. So I guess that in most cases there won't be a chance to issue a "kill" or "killall" command. Hmm, is there a chance to cause the program to finish itself in a given condition?
Bye, Mike