On Wed, 18 Sep 2002, Tim White wrote:

> To quote from the CERT advisory CA-2002-27
> http://www.cert.org/advisories/CA-2002-27.html:
>
> "Identifying infected hosts
>
>    Reports indicate that the Apache/mod_ssl worm's source code is placed
>    in /tmp/.bugtraq.c on infected systems. It is compiled with gcc,
>    resulting in the executable binary being stored at /tmp/.bugtraq;
>    therefore, presence of any of the following files on Linux systems
>    running Apache with OpenSSL is indicative of compromise.
>
>           /tmp/.bugtraq.c
>           /tmp/.bugtraq

ALERT

Also look for /tmp/.uubugtraq



-- 
Howard.
LANNet Computing Associates - Your Linux people
Contact detail at http://www.lannetlinux.com
"Flatter government, not fatter government." - me
 Get rid of the Australian states.

-- 
SLUG - Sydney Linux User's Group - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug
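
Added example, not part of the original message or the CERT advisory: a shell function that checks for the three file names mentioned above and prints their ownership and timestamps. The optional ROOT argument (for checking a disk image mounted read-only instead of the live system) and the function name are assumptions of this example.

```shell
#!/bin/sh
# check_slapper_files [ROOT]
#   ROOT (assumed, optional): prefix of a mounted filesystem to inspect,
#   e.g. /mnt/image. With no argument the live system is checked.
# Returns 0 if none of the files exist, 1 if at least one is present.
check_slapper_files() {
    root="${1:-}"
    root="${root%/}"            # "/mnt/image/" and "/" both normalise cleanly
    found=0
    # File names from the CERT advisory quote plus the one added in the reply.
    for f in /tmp/.bugtraq.c /tmp/.bugtraq /tmp/.uubugtraq; do
        p="${root}${f}"
        # -e follows symlinks, so test -L as well to catch dangling links.
        if [ -e "$p" ] || [ -L "$p" ]; then
            found=$((found + 1))
            printf 'FOUND %s\n' "$p"
            # Owner, size and mtime are worth recording before any cleanup.
            ls -ld "$p"
        fi
    done
    printf '%s of 3 indicator files present under %s\n' "$found" "${root:-/}"
    [ "$found" -eq 0 ]
}

# Usage:
#   check_slapper_files              # live system
#   check_slapper_files /mnt/image   # mounted copy of a suspect disk
```

A clean result only means these files are absent; it does not show the host was never compromised.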
