New Worm Slaps Linux-based Apache Web Servers
A fast-spreading worm that targets Linux-based Apache Web servers had security vendors and the CERT Coordination Center issuing dire warnings over the weekend that continued on Monday.
F-Secure Corp., for example, on Saturday issued a Level 2 alert warning of the Slapper Linux worm but on Monday upgraded it to Level 1, its highest level.
The worm likewise has Internet Security Systems at AlertCon3, which warns of "focused attacks" and is second only to AlertCon 4 for "catastrophic threat." The worm -- also known as Linux.Slapper-A, Linux.Slapper-Worm, Apache/mod_ssl Worm and Slapper.source -- targets a previously reported flaw in OpenSSL, an open source version of the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols.
Once it infects a server, the worm tries to add that server to a peer-to-peer network, F-Secure's advisory says. That network can then be used to launch a distributed denial of service attack.
By contrast, the most devastating Web worm to date -- Code Red -- infected only about 200 servers in the same timeframe, F-Secure says.
To avoid the worm, organizations can either apply a patch or upgrade to version 0.9.6e of OpenSSL, according to CERT/CC. Its advisory contains patch and upgrade information here.
F-Secure is offering a free, limited version of its F-Secure Anti-Virus for Linux to administrators of infected systems. More information is available at the company's Slapper Web site.