F-Secure Warns About a New Linux Worm
Posted on 16.09.2002
Helsinki, Finland - September 14th. F-Secure Corporation is warning about a new network worm called Slapper. Slapper is a network worm that spreads on Linux machines, using a flaw discovered in August 2002 in OpenSSL libraries. The worm was found in Eastern Europe late on Friday 13th, September 2002.

The worm typically affects Linux machines that are running Apache web server with SSL enabled. Apache installations cover more than 60% of public web sites in the internet. It could be estimated that less than 10% of those have enabled SSL services. SSL is most often used for online commerce, banking and privacy applications.

Once a machine gets infected, the worm starts to spread to new systems. In addition, the worm contains code to create a peer-to-peer attack network, where infected machines can remotely be instructed to launch a wide variety of Distributed Denial of Service (DDoS) attacks.

The worm works on Intel-based machines running Linux distributions from Red Hat, SuSE, Mandrake, Slackware or Debian. Apache and OpenSSL must be enabled and OpenSSL version must be 0.96d or older.

Slapper is very similar to the Scalper Apache worm, which was found in June 2002. The basic theory of operation is similar to the first widespread web worm, Code Red. Code Red infected more than 350000 websites running Microsoft IIS in July 2001.

"It is still early to say whether this will become a major problem or not", comments Mikko Hypponen, Manager of Anti-Virus Research at F-Secure. "In any case, we urge all Linux webmasters to make sure their systems are secured against this attack."

Detailed description of the worm as well as a screenshot are available at: http://www.f-secure.com/v-descs/slapper.shtml


The synergy of hackers and tools at the Black Hat Arsenal

Posted on 27 August 2014.  |  Tucked away from the glamour of the vendor booths and the large presentation rooms filled with rockstar sessions, was the Arsenal - a place where developers were able to present their security tools and grow their community.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.


Mon, Sep 1st