
Re: worm Re: on security advisories: include version number upstream uses



Moving this thread from -security to debian-devel.

> I would like to know if any of my hosts were affected by the
> worm.

Probably the most reliable way to do such things is to use aide/tripwire
or any other of these system integrity toolkits. That is until the worms
are aware of these and can trick them...
But running these should make you safe from "proof-of-concept" class
worms at least, which care for entering systems, but not for hiding
their traces.

Guess in this case you could also check your apache log files.

Then there is a "chkrootkit" package; that probably could be updated.

The risky thing with such things is: it usually is easy to show that you
are affected, but it's probably hard to show that you are not affected.
So tools rarely can "promise" that you aren't affected.

Greetings,
Erich

-- 
        erich@(mucl.de|debian.org)        --        GPG Key ID: 4B3A135C
          Go away or I'll replace you with a very small shell script.
        The shortest connection between two people is a smile.
                    He who knows, knows that he must believe.
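
The baseline-and-compare check that integrity toolkits such as aide/tripwire are built around, as an added example that is not part of the original message and is not either tool's code. It assumes the HMAC key and the sealed baseline are kept off the monitored host, so that malware aware of the checker cannot rewrite the baseline; the function names, file names and key are constructed for illustration.

```python
import hashlib, hmac, json, os, tempfile
from pathlib import Path

def snapshot(root):
    """Map each regular file under root to [sha256, mode, size]."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue
            st = os.stat(path)
            digest = hashlib.sha256(Path(path).read_bytes()).hexdigest()
            state[os.path.relpath(path, root)] = [digest, st.st_mode, st.st_size]
    return state

def seal(state, key):
    """Serialise the baseline and authenticate it with HMAC-SHA256."""
    body = json.dumps(state, sort_keys=True).encode()
    return body, hmac.new(key, body, hashlib.sha256).hexdigest()

def verify(root, body, tag, key):
    """Compare root against a sealed baseline; refuse a tampered baseline."""
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("baseline failed authentication; do not trust it")
    old, new = json.loads(body), snapshot(root)
    return {
        "added": sorted(set(new) - set(old)),
        "removed": sorted(set(old) - set(new)),
        "changed": sorted(p for p in old.keys() & new.keys() if old[p] != new[p]),
    }

def verdict(report):
    # A non-empty report is evidence of change; an empty one is only absence
    # of evidence for the monitored paths, never proof of a clean host.
    if any(report.values()):
        return "changes detected"
    return "no changes detected in monitored paths"

def demo():
    """Constructed sample tree: baseline, then modify one file and add another."""
    key = b"constructed-demo-key"  # assumption: the real key lives off the host
    with tempfile.TemporaryDirectory() as root:
        Path(root, "httpd").write_bytes(b"original binary")
        body, tag = seal(snapshot(root), key)
        clean = verify(root, body, tag, key)
        Path(root, "httpd").write_bytes(b"modified binary")  # same size, new hash
        Path(root, ".dropped").write_bytes(b"x")             # file not in baseline
        return clean, verify(root, body, tag, key)
```

The wording of `verdict` mirrors the caveat in the message: a hit is conclusive, while an empty report only covers the files that were in the baseline.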


