
New Linux Worm Threatens Serious Denial Of Service Attacks

Experts fear it could create a powerful platform to launch denial-of-service attacks against virtually any target on the Internet.

Security vendors are warning users running Linux Apache Web servers that they're vulnerable to attack from the first worm to use peer-to-peer networking technology. Dubbed the Linux.Slapper.Worm, it exploits a buffer overflow vulnerability within OpenSSL, often used in Apache Web servers.

Internet Security Systems Inc. is reporting in an advisory that the worm has "very powerful" distributed denial-of-service capabilities. Because of the worm, ISS has raised its Internet warning status to AlertCon 3, one notch below its highest level, AlertCon 4. Internet Security Systems estimates that the worm is spreading slowly and has infected 11,000 to 13,000 Web servers.

The Linux.Slapper.Worm spreads in similar fashion to last year's Nimda and Code Red worms, by scanning for, and then infecting, vulnerable systems. Because this worm establishes peer-to-peer links among infected servers, experts fear it could create a powerful platform to launch denial-of-service attacks against virtually any target on the Internet.

According to Dan Ingevaldson, team lead of the X-Force R&D division at ISS, the first version may be a test to see how well the worm works before deadlier versions surface. "Unlike Code Red and Nimda, where virus writers didn't have immediate access to the source code, the source code for this worm is already widely public," he says. "I'd expect new versions to start to surface."

Users running OpenSSL versions up to and including 0.9.6d or 0.9.7beta1 are urged to upgrade to the latest version of OpenSSL, currently 0.9.6g. The OpenSSL vulnerability the worm attacks was first reported at the end of July.
