Network Worms Continue To Attack Linux
Posted on 07.10.2002
Worm "Mighty" Intensifies the Threat to Linux

Following on the heals of the "Slapper" worm, which only two weeks ago was detected attacking Linux computers, comes the next outbreak, this time the work of the Linux-worm "Mighty". Presently Kaspersky Labs has registered over 1,600 infected systems the world over.

Many features of "Mighty" are taken from its predecessor, the network worm "Slapper". Like "Slapper", "Mighty" infects computers running Linux and the Apache Web-server and also uses the OpenSSL Security System exploit to gain access. Moreover, "Mighty" partly borrows the source code spreading method from "Slapper": to ensure compatibility with all versions of OpenSSL, one of the worm's components (sslx.c, which is responsible for penetration via the security system vulnerability) recompiles itself anew on each computer.

In addition to infecting systems, "Mighty" also sets up a backdoor utility (designed to gain unauthorized control). In turn, this utility connects with one of the remote IRC-channels where it receives ill-intentioned commands, which it then executes on the infected system. In this way "Mighty" is able to leak out confidential information, corrupt important data, and also use infected machines to conduct distributed DoS attacks and other nasty activities.

To avert infection, Kaspersky Labs, above all recommends users install the latest version of OpenSSL (for versions older than 0.9.7-beta, 0.9.6e) and to update their anti-virus program databases.

The defense against "Mighty" has already been added to the Kaspersky Anti-Virus databases.

A more detailed description of the "Mighty" network worm can be found in the Kaspersky Virus Encyclopedia


Pen-testing drone searches for unsecured devices

You're sitting in an office, and you send a print job to the main office printer. You see or hear a drone flying outside your window. Next thing you know, the printer buzzes to life and, after spitting out your print job, it continues to work and presents you with more filled pages than you expected.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Fri, Oct 9th