F-Secure Plays Key Role In Slapping Down Slapper Worm
Posted on 26 September 2002.
The threat of the Linux Slapper worm has been nullified by proactive anti-virus work by specialists at F-Secure. In what is believed to be the first action of its kind by an anti-virus company, F-Secure was able to identify exactly which Web servers were being infected as each infection happened, send a warning to the administrators of the infected systems, and offer a free version of F-Secure Anti-Virus for Linux™ to remove the worm from their systems.

Across the weekend of Friday 13th, following the discovery of the worm, the F-Secure anti-virus laboratory was able to reverse-engineer the peer-to-peer protocol that the worm exploits to infect machines. This enabled F-Secure to gain access to the Slapper attack network by posing as an infected web server. Through this false server, F-Secure was able to determine the exact number of infected machines and their IP addresses as each server became infected.

In the process of warning the administrators of the infected servers, F-Secure worked in concert with 14 national CERT organizations. Many companies expressed their appreciation for this approach by email: "Thanks kindly for your warning; our customer tells us they have upgraded their server. Congratulations on a job well done." Hugh Brown, Dowco Internet.

According to Mikko Hypponen, F-Secure's Manager of AV research: "Slapper was a very real risk, because its peer-to-peer networking capability enabled the author to take over any or all of the infected servers. The risk was not just distributed denial-of-service attacks, but also the backdoor access and control capability it gave over key parts of Internet infrastructure. That's why we took these measures to counter the risks it presented."

According to F-Secure, Slapper is representative of a new breed of worms and viruses, as it is as much an attack tool as it is a quickly spreading worm.

F-Secure's Global Slapper Information Center provides regularly updated information on the worm and numbers of infected servers categorized by the top-level domain. The company says it is imperative that all servers are cleaned and patched to prevent future infections as soon as possible - both to stop the spreading of the worm and to prevent unauthorised access to the infected servers.

Copyright 1998-2014 by Help Net Security.