Network Worms Continue To Attack Linux
Posted on 07.10.2002
Worm "Mighty" Intensifies the Threat to Linux

Following on the heals of the "Slapper" worm, which only two weeks ago was detected attacking Linux computers, comes the next outbreak, this time the work of the Linux-worm "Mighty". Presently Kaspersky Labs has registered over 1,600 infected systems the world over.

Many features of "Mighty" are taken from its predecessor, the network worm "Slapper". Like "Slapper", "Mighty" infects computers running Linux and the Apache Web-server and also uses the OpenSSL Security System exploit to gain access. Moreover, "Mighty" partly borrows the source code spreading method from "Slapper": to ensure compatibility with all versions of OpenSSL, one of the worm's components (sslx.c, which is responsible for penetration via the security system vulnerability) recompiles itself anew on each computer.

In addition to infecting systems, "Mighty" also sets up a backdoor utility (designed to gain unauthorized control). In turn, this utility connects with one of the remote IRC-channels where it receives ill-intentioned commands, which it then executes on the infected system. In this way "Mighty" is able to leak out confidential information, corrupt important data, and also use infected machines to conduct distributed DoS attacks and other nasty activities.

To avert infection, Kaspersky Labs, above all recommends users install the latest version of OpenSSL (for versions older than 0.9.7-beta, 0.9.6e) and to update their anti-virus program databases.

The defense against "Mighty" has already been added to the Kaspersky Anti-Virus databases.

A more detailed description of the "Mighty" network worm can be found in the Kaspersky Virus Encyclopedia
(http://www.viruslist.com/eng/viruslist.html?id=56952).






Spotlight

The security threat of unsanctioned file sharing

Posted on 31 October 2014.  |  Organisational leadership is failing to respond to the escalating risk of ungoverned file sharing practices among their employees, and employees routinely breach IT policies.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Fri, Oct 31st
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //