New Linux Worm Threatens Serious Denial Of Service Attacks
Experts fear it could create a powerful platform to launch denial-of-service attacks against virtually any target on the Internet.
Security vendors are warning users running Linux Apache Web servers that they're vulnerable to attack from the first worm to use peer-to-peer networking technology. Dubbed the Linux.Slapper.Worm, it exploits a buffer overflow vulnerability within OpenSSL, often used in Apache Web servers.
Internet Security Systems Inc. is reporting in an advisory that the worm has "very powerful" distributed denial-of-service capabilities. Because of the worm, ISS has raised its Internet warning status to AlertCon 3, one notch below its highest level, AlertCon 4. Internet Security Systems estimates that the worm is spreading slowly and has infected 11,000 to 13,000 Web servers.
The Linux.Slapper.Worm spreads in similar fashion to last year's Nimda and Code Red worms, by scanning for, and then infecting, vulnerable systems. Because this worm establishes peer-to-peer links among infected servers, experts fear it could create a powerful platform to launch denial-of-service attacks against virtually any target on the Internet.
According to Dan Ingevaldson, team lead of the X-Force R&D division at ISS, the first version may be a test to see how well the worm works before more deadlier versions surface. "Unlike Code Red and Nimda, where virus writers didn't have immediate access to the source code, the source code for this worm is already widely public," he says. "I'd expect new versions to start to surface."
Users of OpenSSL through versions 0.96d or 0.9.7beta1 are urged to upgrade to the latest version of OpenSSL, currently 0.9.6g. The OpenSSL vulnerability the worm attacks was first reported at the end of July.
The Business of Going DigitalDigital business isn't about changing code; it's about changing what legacy sales, distribution, customer service, and product groups do in the new digital age. It's about bringing big data analytics, mobile, social, marketing automation, cloud computing, and the app economy together to launch new products and services. We're seeing new titles in this digital revolution, new responsibilities, new business models, and major shifts in technology spending.
What The Business Really Thinks Of IT: 3 Hard TruthsThey say perception is reality. If so, many in-house IT departments have reason to worry. InformationWeek's IT Perception Survey seeks to quantify how IT thinks it's doing versus how the business views IT's performance in delivering services - and, more important, powering innovation. The news isn't great.