September 13, 2002 11:40 PM PDT

Linux server worm exploits known flaw

A worm spreading among Linux servers late Friday takes advantage of a flaw discovered more than a month ago in a program designed to strengthen the privacy of Internet communications.

Designated "Linux.Slapper.Worm" by security firm Symantec, the self-replicating program may have originated in Europe and threatens Linux servers that offer an encryption feature known as Secure Sockets Layer, the standard method for encrypting sensitive Web traffic, through a common extension to the open-source Apache Web server.

"At this time over 3,500 computers have been observed performing this activity," said Symantec in its advisory. "This includes computers located in Portugal and Romania, where initial reports of the worm originated."

The worm, which is also known as Apache/mod_ssl after the Web server module it exploits, appears to have been designed to build a distributed network from which a denial-of-service attack could be launched. A denial-of-service attack attempts to shut down a network by overloading it with data from a number of servers, as Slapper apparently is attempting, or by causing systems to crash by exploiting a flaw in the software.

The worm's code will also run only on Intel-based systems, where it compiles its own code, Symantec advised. The worm attacks by first confirming that the computer is running the Apache Web server, then infects the computer by connecting to the SSL server.

News of the worm was first posted to Bugtraq, a security mailing list run by SecurityFocus, a subsidiary of Symantec.

Earlier this month, Internet research firm Netcraft warned that administrators were not patching SSL servers quickly enough.

"Counter-intuitively, Web site managers seem quicker to fix conventional HTTP servers than SSL servers, perhaps because they receive more traffic, or because the HTTP service is the conduit favored by worm writers," the firm's latest Web survey said.

The firm estimated that only a quarter of all SSL servers had been patched as of the end of August. It didn't disclose how many such servers were on the Internet.

System administrators with SSL servers based on Apache and OpenSSL should upgrade to the latest version of the encrypted communications software, Symantec's advisory recommended.
