In what is believed to be the first action of its kind by an anti-virus company, F-Secure was able to identify exactly which Web servers were being infected as each infection happened, send a warning to the administrators of the infected systems, and offer a free version of F-Secure Anti-Virus for Linux to remove the worm from their systems.
Across the weekend of Friday 13th, following the discovery of the worm, F-Secure anti-virus laboratory was able to reverse-engineer the peer-to-peer protocol that the worm exploits to infect machines. This enabled F-Secure to access to the Slapper attack network by posing as an infected web server. Through this false server, F-Secure was able to determine the exact number of infected machines and their IP addresses as each server became infected.
Read more at: