Welcome Guest. | Log In| Register | Membership Benefits

New Linux Worm Threatens Serious Denial Of Service Attacks

Experts fear it could create a powerful platform to launch denial-of-service attacks against virtually any target on the Internet.

By George V. Hulme
InformationWeek
September 16, 2002 12:00 AM

Security vendors are warning users running Linux Apache Web servers that they're vulnerable to attack from the first worm to use peer-to-peer networking technology. Dubbed the Linux.Slapper.Worm, it exploits a buffer overflow vulnerability within OpenSSL, often used in Apache Web servers.

Internet Security Systems Inc. is reporting in an advisory that the worm has "very powerful" distributed denial-of-service capabilities. Because of the worm, ISS has raised its Internet warning status to AlertCon 3, one notch below its highest level, AlertCon 4. Internet Security Systems estimates that the worm is spreading slowly and has infected 11,000 to 13,000 Web servers.

More Software Insights

White Papers

Webcasts

Reports

The Linux.Slapper.Worm spreads in similar fashion to last year's Nimda and Code Red worms, by scanning for, and then infecting, vulnerable systems. Because this worm establishes peer-to-peer links among infected servers, experts fear it could create a powerful platform to launch denial-of-service attacks against virtually any target on the Internet.

According to Dan Ingevaldson, team lead of the X-Force R&D division at ISS, the first version may be a test to see how well the worm works before more deadlier versions surface. "Unlike Code Red and Nimda, where virus writers didn't have immediate access to the source code, the source code for this worm is already widely public," he says. "I'd expect new versions to start to surface."

Users of OpenSSL through versions 0.96d or 0.9.7beta1 are urged to upgrade to the latest version of OpenSSL, currently 0.9.6g. The OpenSSL vulnerability the worm attacks was first reported at the end of July.

Subscribe to RSS

» Write To Editor
» Reprint This Article
» Download Top Reports

CAREER CENTER

Ready to take that job and shove it?
Open | Close

Post Your Resume

Employers Area

News & Features

Blogs & Forums

Career Resources

Browse By:
State | City

SPONSOR

RECENT JOB POSTINGS

Featured Jobs:

Lowe's seeking Systems Engineer III in Mooresville, NC

Univ of Michigan seeking University Ethical Hacker in Ann Arbor, MI

MAP Digital seeking Project Manager: Live Digital Events in New York, NY

cPanel Inc. seeking Internal Systems Developer in Houston, TX

Cirrus Design seeking Web Architect in Duluth, MN

For more great jobs, career-related news, features and services, please visit our Career Center.

CAREER NEWS

10 Search Engines You Don't Know About

Go beyond Google and get vertical. These specialized search sites will help you find the business information you need -- fast.

Yahoo Profits Fall 23%, Cuts 1,000 Jobs

Ari Balogh was named to the post of chief technology officer as the companys for a "realignment" of employees.

Featured Software White Paper

SOA and Web Services - The Performance Paradox
Loosely-coupled service environments provide unique benefits to the organizations that utilize them, while at the same time, they introduce new challenges. See how IT teams - operations, application support, architects and developers - gain control over complex, composite applications upon which so much business depends. Read the white paper. read more