New Worm Slaps Linux-based Apache Web Servers

Share it on Twitter  
Share it on Facebook  
Share it on Linked in  
A fast-spreading worm that targets Linux-based Apache Web servers had security vendors and the CERT Coordination Center issuing dire warnings over the weekend that continued on Monday.

F-Secure Corp., for example, on Saturday issued a Level 2 alert warning of the Slapper Linux worm but on Monday upgraded it to Level 1, its highest level.

The worm likewise has Internet Security Systems at AlertCon3, which warns of "focused attacks" and is second only to AlertCon 4 for "catastrophic threat."The worm -- also known as Linux.Slapper-A, Linux.Slapper-Worm, Apache/mod_ssl Worm and Slapper.source -- targets a previously reported flaw in OpenSSL, an open source version of the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols.

Once it infects a server, the worm tries to add that server to a peer-to-peer network, F-Secure's advisory says. That network can then be used to launch a distributed denial of service attack.

F-Secure has reverse engineered the peer-to-peer protocol that the worm uses, enabling the company to infiltrate the network with a machine posing as an infected server. This has enabled F-Secure to monitor the worm's progress. As of late Sunday, the worm had infected nearly 6,000 machines, F-Secure reports, a number that nearly doubled to 11,249 by midday Monday.

By contrast, the most devastating Web worm to date -- Code Red -- infected only about 200 servers in the same timeframe, F-Secure says.

To avoid the worm, organizations can either apply a patch or upgrade to version 0.9.6e of OpenSSL, according to CERT/CC. Its advisory contains patch and upgrade information here.

F-Secure is offering a free, limited version of its F-Secure Anti-Virus for Linux to administrators of infected systems. More information is available at the company's Slapper Web site.

Submit a Comment

Loading Comments...