A patch for this exploit has been out for over a month, and as usual, the only people affected will be those with unpatched machines. It's a little scary that the removal instructions are so hard to come by, but I've never had any interest (or need) to remove a virus before, so maybe that's par for the course. Basically, just remove the .bugtraq files in /tmp (NOT /temp as some advisories say) and kill the bugtraq process. A little strange that the worm would use port 80 to communicate (in addition to 2002), seeing as it came in via a web server, which runs port 80...
|