It's our turn again. The latest worm to attack Web servers is aimed squarely at Linux systems running Apache. The Slapper worm affects 21 different builds of Apache that live on top of a number of different Linux distributions, exploiting the SSL bug reported at the end of July. It installs a distributed denial-of-service (DDoS) client on the target system and also attempts to locate and exploit other vulnerable instances of Apache.
If the previous paragraph fails to break any new ground, well, perhaps it's because Slapper breaks so little new ground - except that the time lag between initial public knowledge of the exploit and release of the corresponding worm has shrunk to a mere six weeks.
And this time two of my servers were hit, and I have no one to blame but myself.
[ Read more ]
- Virus: Worm.Linux.Slapper (18 September 2002)
- News: Security experts divided on Slapper's threat (17 September 2002)
- Press Release: Slapper Teaches Users Value of Safe Hex, Says Sophos Anti-Virus (16 September 2002)
- News: Linux worm hits the network (16 September 2002)
- Virus News: Reverse Engineered Slapper Worm (16 September 2002)
- Virus News: F-Secure Warns About a New Linux Worm (16 September 2002)