
New Linux Worm Threatens Serious Denial Of Service Attacks

Experts fear it could create a powerful platform to launch denial-of-service attacks against virtually any target on the Internet.

Security vendors are warning users running Linux Apache Web servers that they're vulnerable to attack from the first worm to use peer-to-peer networking technology. Dubbed the Linux.Slapper.Worm, it exploits a buffer overflow vulnerability within OpenSSL, often used in Apache Web servers.

Internet Security Systems Inc. is reporting in an advisory that the worm has "very powerful" distributed denial-of-service capabilities. Because of the worm, ISS has raised its Internet warning status to AlertCon 3, one notch below its highest level, AlertCon 4. Internet Security Systems estimates that the worm is spreading slowly and has infected 11,000 to 13,000 Web servers.

The Linux.Slapper.Worm spreads in similar fashion to last year's Nimda and Code Red worms, by scanning for, and then infecting, vulnerable systems. Because this worm establishes peer-to-peer links among infected servers, experts fear it could create a powerful platform to launch denial-of-service attacks against virtually any target on the Internet.

According to Dan Ingevaldson, team lead of the X-Force R&D division at ISS, the first version may be a test to see how well the worm works before deadlier versions surface. "Unlike Code Red and Nimda, where virus writers didn't have immediate access to the source code, the source code for this worm is already widely public," he says. "I'd expect new versions to start to surface."

Users of OpenSSL through versions 0.9.6d or 0.9.7beta1 are urged to upgrade to the latest version of OpenSSL, currently 0.9.6g. The OpenSSL vulnerability the worm attacks was first reported at the end of July.
