Worm Warner

WormWarner is a Perl script that warns hosts that are probably infected by a worm. It decides whether a host is infected by analyzing the data from the Apache log files. It currently recognizes CodeRed, Nimda, the Linux.Slapper.Worm, and the FreeBSD.Scalper.worm. It warns by trying to contact the SMTP server on the infected host and sending an email to the postmaster.

Recent releases

  •  03 May 2004 21:25

    Release Notes: A test mode and the option to specify the mail server to use were added. This release also limits the size of an email message when the included log files make it too large. The patterns to detect a worm are now stored in a file, which makes it easier to add patterns. Some new patterns were added.

  •  17 Jul 2003 18:23

    Release Notes: The scripts now use a GDBM database to keep statistics about the warnings that were sent. This database is also used for rate control to avoid sending too many warnings for the same IP. The ATD-Mass exploiter was added to the recognized attacks. The IP and timezone of the host which runs the script are included in messages to the ISP. Some small bugs were fixed.

  •  29 Apr 2003 17:41

    Release Notes: A conflict with newer versions of the Mail::Sender module was fixed. A bug which caused wormwarner not to log for some specific email server problems was fixed.

  •  26 Apr 2003 16:44

    Release Notes: Wormwarner now runs as a daemon which lets it respond within minutes after an infection attempt. The database is queried before starting whois queries to find the email address of the ISP to warn. Code cleanups were also made.

  •  18 Jan 2003 11:02

    Release Notes: This release features improved whois lookup functionality, and can now execute commands (which could be used to modify adaptive firewalls).