Network World - A computer worm dubbed Linux.Slapper.Worm has started to spread on the Internet by exploiting the Linux Apache Web server vulnerabilities that are related to the OpenSSL protocol. The vulnerabilities were first detailed July 30 by The OpenSSL Group.
According to an advisory from antivirus firm Symantec Corp. in Cupertino, Calif., Linux.Slapper.Worm is the first worm to make use of peer-to-peer networking technology, which has allowed infected servers to maintain contact. This would potentially give a hacker control of a constellation of infected boxes.
The worm, which is still being analyzed, can capture e-mail addresses and could potentially do greater harm, said Oliver Friedrichs, senior manager at the Symantec Security response division. Symantec said that on Friday there were at least 2,000 infections from the worm, which was first reported in Portugal and Romania.
The worm can infect Linux servers from companies such as Red Hat Inc., MandrakeSoft, Caldera International Inc., Slackware Linux Inc. and Debian that haven't been upgraded to the 0.9.6g version of the OpenSSL Group's software for Secure Sockets Layer. That upgrade fixes the vulnerabilities detailed on July 30.
The worm is raising particular concern because "it has its own peer-to-peer networking protocol," said Friedrichs. "Potentially, someone can inject a command into the peer-to-peer network and send it to the compromised hosts."
Symantec is still examining Linux.Slapper.Worm to better understand how dangerous it is. The worm spreads like the well-known Nimda worm, which started a year ago, by scanning. That scanning activity might result in some denial-of-service problems.
But unlike Nimda, which is still active and infects vulnerable Microsoft Corp. Internet Information Servers, Linux.Slapper.Worm is said to go one step further and set up links among the Linux machines it infects. Symantec said it intends to issue periodic updates on what it discovers about Linux.Slapper.Worm.
Free Insider GuideCopyright © 1994 - 2012 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
