Computer Forensics Challenge 2: Analyze Apache/mod_ssl Worm


Here is the tcpdump file of an Apache/mod_ssl worm attack.

Analyze the tcpdump file and try to extract the worm program from it. Then analyze the worm program to determine what it did after the break-in:

  1. how it communicates with its master
  2. how it duplicates itself and then propagates
  3. what information this worm collects
  4. ... etc