Worm exploits Apache vulnerability on FreeBSD
IDG News Service - A worm that can compromise systems running the Apache Web server on the FreeBSD operating system is crawling the Internet, but its spread and impact are limited, experts said today.
The worm takes advantage of a known security hole in Apache Web servers by scanning the Internet and installing a backdoor application when it finds a vulnerable Web server. This backdoor allows the attacker to remotely control the system and use it in attacks on other Web servers, according to antivirus software vendor F-Secure Corp. in Helsinki.
The open-source Apache server is the most commonly used Web server software, running on 63% of Web sites, according to a survey by Web server analysis firm Netcraft Ltd. in Bath, England.
However, the reach of the worm, dubbed Scalper by F-Secure, is limited because it affects Apache only on the open-source FreeBSD operating system, said Mikko Hypponen, research manager at F-Secure. "It only hits a small fragment of the Apache users," said Hypponen.
Mike Prettejohn, director at Netcraft, agreed. "FreeBSD is the third most popular platform for Apache after Linux and Solaris," he said.
Hypponen does not see the worm as a big danger. "The current version is low risk. It is spreading, we can see hits generated by the worm, but it is not widespread. It could infect a measurable portion of the FreeBSD Web server, but that has not happened yet," he said.
Variants of the worm attacking Apache on other platforms may soon surface, Hypponen said.
"It would be easy to change this worm to work on Linux or any other system. But then, on the positive side, I would think that Apache Web server administrators are diligent in patching, so the spread would not be as big as Code Red, which infected about 200,000 Web sites in two days about a year ago," Hypponen said.
Indeed, Apache administrators have responded swiftly, with well over 6 million Web sites already upgraded to Apache 1.3.26, a version of the software not vulnerable to this attack. However, about 14 million potentially vulnerable sites using Apache remain, Netcraft said in its monthly commentary released today.
Antivirus software vendor Sophos PLC has received a sample of the Apache worm but hasn't yet been able to make it work, said Graham Cluley, senior technology consultant at Sophos in Oxford, England.
"At the moment, we think it is a bit of a curiosity. We believe it tries to attack FreeBSD machines, but it is so unstable that getting the right configuration to make it work is tough. That, of course, also will limit the ability to spread," Cluley said.
The flaw in the Apache Web server that the worm exploits affects all versions of Apache 1.2, versions of Apache 1.3 up to 1.3.24 and versions of Apache 2 up to 2.0.36, according to a statement from the Apache Software Foundation released June 20. The new Apache 1.3.26 and Apache 2.0.39 fix the issue, the foundation said.
The flaw relates to the way the Web server parses uploaded data and can cause the software to misinterpret the size of incoming chunks of data. It can be exploited by sending a carefully crafted request to the server, said the foundation, which manages development of the open-source Apache products.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The Threat Landscape Hardly a day goes by without the discovery of a new cyberthreat somewhere in the world! But how do you keep up with...
- Security for Virtualization In the rush to implement virtualization, security has become second. So while the business benefits are clear, the risks are less well documented...
- Pay-as-you-Grow Data Protection: IBM Tivoli's Full-featured Data Protection Suite for Small to Medium Businesses IBM Tivoli Storage Manager Suite for Unified Recovery gives small and medium businesses the opportunity to start out with only the individual solutions...
- Streamline Data Protection with IBM Tivoli Storage Manager Operations Center IBM Tivoli Storage Manager (TSM) has been an industry-standard data protection solution for two decades. But, where most competitors focus exclusively on Backup...
- Meg Whitman presents Unlocking IT with Big Data During this Web Event you will hear Meg Whitman, President and CEO, HP discuss HAVEn - the #1 Big Data platform, as well...
- The New Way to Work Knowledge Vault This Knowledge Vault focuses on how, in today's increasingly virtual world, it's more important than ever to engage deeply with employees, suppliers, partners,... All Malware and Vulnerabilities White Papers | Webcasts