CHKrootkit Finds Slapper Worm installed

Root Kit Hunters such as CHKRootKit are great for monitoring your server for security holes but sometimes they find false positives. These appear to be real security threats when you run the software so it's sometimes confusing to determine if you are in fact in trouble or if it's false. One of these known false entries is 'Slapper Worm' Slapper Worm may be a false entry if a process was running when CHKROOTKIT started, and it finished before CHKROOTKIT finished running. To verify this wait a couple minutes after you get your CHKROOTKIT Report via e-mail, or after you run it on command line. After you wait 1 - 2 minutes you should simply login to your server VIA ssh and run CHKROOTKIT again. If it comes up Checking `slapper'... not infected then you know it was a false entry. If it comes up again telling you Checking `slapper'... Warning: Possible Slapper Worm installed then you should wait a minute and run the CHKROOTKIT a 3rd time to verify it is really installed. If it is you need to take measures to secure your server now, and attempt at removing the slapper worm or re-installing and re-loading your data and hardening your server again. If you run a cPanel server BindShell is a false entry as well. (Happens on all cPanel Servers) Original: http://www.ukwebmasterforums.com/t4925-chkrootkit-finds-slapper-w orm-installed.html Web Hosting UK (http://www.session9.co.uk/ ) Webmaster Forums ( http://www.ukwebmasterforums.com/ ) Web Hosting Affiliate ( http://www.session9.co.uk/web-hosting-affiliate/ )

Domain Reseller ( http://www.domainvendor.co.uk/ )