 
| Subject: | |
| From: | |
| Reply To: | |
| Date: | Tue, 29 Jul 2014 19:07:17 -0700 |
| Content-Type: | text/plain |
| Parts/Attachments: |
|
|
On Tue, 2014-07-29 at 17:23 -0400, Larry Linder wrote:
> If anyone is interested I will share the details.
Larry,
Are you running Apache Struts, Apache Tomcat, or Elasticsearch by any
chance? Please review CVE-2013-2115, CVE-2013-1966, and CVE-2014-3120 to
see if any of these apply to your system configuration. This type of
infection is typically due to the aforementioned vulnerabilities.
As for removal, find and remove the following files with the system
offline:
/boot/.IptabLes
/boot/.IptabLex
/usr/.IptabLes
/usr/.IptabLex
/etc/rc.d/init.d/IptabLes
/etc/rc.d/init.d/IptabLex
/.mylisthb*
Let me know if you have any more questions.
Brandon Vincent
|
|
|
