Security experts divided on Slapper's threat

The APACHE/MOD_SSL, or "Slapper," worm that is fast infecting Web servers worldwide marks a new milestone in the evolution of computer worms, experts say: the creation of a peer-to-peer network by a worm for the purpose of conducting distributed denial of service (DDoS) attacks. But experts are divided on how big a threat Slapper poses to the Internet infrastructure as a whole.

The worm, which exploits a known buffer overrun vulnerability in the Secure Sockets Layer 2.0 (SSLv2) handshake process, is already believed to have infected over 13,000 Apache Web servers, according to Helsinki-based F-Secure, a computer and network security company. The worm infects host machines by using the SSL vulnerability to transfer its malicious source code to a remote machine, then compiling that code to produce a new executable, according to an advisory posted on Carnegie Mellon's CERT Coordination Center Web page.

Once infected by the Slapper worm, Web servers effectively become hosts in a large peer-to-peer network of other infected servers. Infected servers scan for other Web hosts to infect, and coordinate with other infected hosts over UDP (User Datagram Protocol) port 2002.
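
As an added example (not from the article or its sources), a defender could surface this peer-to-peer behaviour in flow records by listing local hosts that exchange UDP port 2002 traffic with several distinct peers. The flow-record format, the 10.0.0.0/8 local range and the peer threshold are assumptions, and the sample records are constructed.

```python
import ipaddress
from collections import defaultdict

P2P_PORT = 2002  # UDP port the article says infected hosts coordinate over

# Constructed sample flow records (assumed format): "proto src_ip:port dst_ip:port"
SAMPLE_FLOWS = """\
tcp 198.51.100.7:40112 10.0.0.5:443
udp 10.0.0.5:2002 203.0.113.9:2002
udp 10.0.0.5:2002 203.0.113.44:2002
udp 192.0.2.80:2002 10.0.0.5:2002
udp 10.0.0.8:53211 10.0.0.2:53
udp 10.0.0.6:33001 192.0.2.10:2002
malformed line here
"""

def parse_flow(line):
    """Return (proto, src_ip, src_port, dst_ip, dst_port), or None if malformed."""
    parts = line.split()
    if len(parts) != 3:
        return None
    try:
        src_ip, src_port = parts[1].rsplit(":", 1)
        dst_ip, dst_port = parts[2].rsplit(":", 1)
        ipaddress.ip_address(src_ip)  # raises ValueError on a bad address
        ipaddress.ip_address(dst_ip)
        return parts[0].lower(), src_ip, int(src_port), dst_ip, int(dst_port)
    except ValueError:
        return None

def find_suspects(flow_text, local_net="10.0.0.0/8", min_peers=2):
    """Map each local host to its distinct UDP/2002 peers, keeping hosts
    with at least min_peers peers (a single contact may be a stray scan)."""
    net = ipaddress.ip_network(local_net)
    peers = defaultdict(set)
    for line in flow_text.splitlines():
        flow = parse_flow(line)
        if flow is None or flow[0] != "udp":
            continue
        _, src, sport, dst, dport = flow
        if P2P_PORT not in (sport, dport):
            continue
        # Either endpoint may be the local host taking part in the exchange.
        for host, other in ((src, dst), (dst, src)):
            if ipaddress.ip_address(host) in net:
                peers[host].add(other)
    return {h: sorted(p) for h, p in peers.items() if len(p) >= min_peers}
```

UDP port 2002 traffic is only an indicator; a flagged host still needs inspection before it is treated as infected.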

News source: Infoworld
