[Techtalk] "Slapper" worm targeting Linux/Apache servers
Grrliegeek
grrliegeek at elenari.net
Fri Sep 20 02:24:54 EST 2002
I hadn't seen this mentioned yet on either list I'm posting it to. This is
going to techtalk and the Austin Linux Group. There is a worm going around
that's targeting apache servers using a vulnerability discovered in July
(which I think was patched and a new version of apache that is not vulnerable
is out there).
In a thread on linuxchix about security and why it's not always as up to date
as ideal, someone mentioned that they hadn't patched their (apache?) server
because they had other things they wanted to accomplish with the server
first. I think that due to the widespread nature of this worm, making sure
apache is up to snuff is of importance.
For more information:
http://www.msnbc.com/news/808678.asp?0dm=C16KT
http://online.securityfocus.com/news/662
>From the latter url, story dated 9/16/02:
Slapper exploits a previously-disclosed OpenSSL vulnerability, to create an
attack platform for distributed denial-of-service (DDoS) attacks against
other sites. The worm also has backdoor functionality, according to, security
tools vendor ISS. It describes the malicious code as a variation of the much
less virulent Apache "Scalper" BSD worm.
The OpenSSL server vulnerability exploit exists on a wide variety of
platforms, but Slapper appears to work only on Linux systems running Apache
with the OpenSSL module (mod_ssl) on Intel architectures.
The Slapper worm was first seen on Friday the 13th. Since then it has infected
thousands of web servers around the world and continues to spread. By late
last night 6,000 servers were infected with the worm, according to AV vendors
F-Secure.
Syleniel
More information about the Techtalk
mailing list