Hi Jason.
Jason Sopko wrote:
The Apache worm you're infected with was posted on bugtraq earlier
today. It exploits mod_ssl and can be identified by doing a ps -ax |
grep bugtraq (it runs as the name .bugtraq). The source for it is here:
http://dammit.lt/apache-worm/apache-worm.c
Thanks a lot for the fast reply. You are right, I can approve that this
is the worm that attacked the management blade. It started it's attack
somewhere around noon (local time) today. The management blade is
vulnerable to this attack as it is based on RedHat 7.3 (maybe it would
have been better if RLX had stick to Debian as they used before).
Thanks a lot for the help.
Bye, Mike