ISS Alerts on Slapper Worm Modification

In a latest alert, Internet Security Systems noted that there is a new version of Slapper worm out there. The modification, called Slapper.B has some changes:

• Slapper.B has a new function called, “mailme()” that sends an email to aion@ukr.net containing the IP address and hostname of the infected computer and, the hostname of the server it is linked to.
• Slapper.B contains a new interactive backdoor function. Slapper.A allowed attackers to execute commands via the peer-to-peer network. Slapper.B has a supplemental backdoor that listens on TCP port 1052. Attackers must supply a password before Slapper.B grants an interactive command shell.