Possible Slapper Worm?

[xxkylexx]

Hello,

I got an email from my daily chkrootkit and noticed this line for the first time:

Checking `slapper'... Warning: Possible Slapper Worm installed (32076/mocks)

Can anyone tell me what this is, and what I need to do with it?



Thanks,
Kyle

 

[webignition]

http://www.google.com/search?hl=en&lr=&q="Slapper+Worm"+chkrootkit

 

[chirpy]

It's more than likely a false-positive as it's normally just finding the port that slapper uses. Rerun chkrootkit and see if it's still there.

 

[AndyReed]

Hello,

I got an email from my daily chkrootkit and noticed this line for the first time:

Checking `slapper'... Warning: Possible Slapper Worm installed (32076/mocks)

SSH to your server and run ./chkrootkit one more time. If it comes up Checking `slapper'... not infected then you know it was a false entry. If it comes up again telling you Checking `slapper'... Warning: Possible Slapper Worm installed, then you should wait a minute and run the ./chkrootkit a 3rd time to verify it is really installed. If it is you need to take measures to secure your server now, and attempt at removing the slapper worm. In some cases you might need to reload your OS. In any case, secure and harden your server.