The APACHE/MOD_SSL worm, also known as "Slapper," that is fast infecting Web servers worldwide marks a new milestone in the evolution of computer worms, experts say: the creation of a peer-to-peer network by a worm for the purpose of conducting distributed denial of service (DDoS) attacks. But experts are divided on how big a threat Slapper poses to the Internet infrastructure as a whole.
The worm, which exploits a known buffer overrun vulnerability in the Secure Sockets Layer 2.0 (SSLv2) handshake process, is already believed to have infected over 13,000 Apache Web servers, according to Helsinki-based F-Secure, a computer and network security company. The worm infects host machines by using the SSL vulnerability to transfer its malicious source code to a remote machine, then compiling that code to produce a new executable, according to an advisory posted on Carnegie Mellon's CERT Coordination Center Web page.
Once infected by the Slapper worm, Web servers effectively become hosts in a large peer-to-peer network of other infected servers. Infected servers scan for other Web hosts to infect, and coordinate with other infected hosts over UDP (User Datagram Protocol) port 2002.
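The peer-to-peer coordination over UDP port 2002 described above gives defenders a network signal to look for. The following is an added example, not part of the original article: a heuristic that flags hosts sending UDP/2002 traffic to several distinct peers. The iptables-style log format, the sample lines, the `udp2002_fanout` name and the `min_peers` threshold are all assumptions made for illustration.

```python
import re
from collections import defaultdict

P2P_PORT = 2002  # UDP port the article says infected hosts coordinate over

# Constructed sample in iptables LOG style; addresses are documentation ranges.
SAMPLE_LOG = """\
kernel: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.7 LEN=60 PROTO=UDP SPT=2002 DPT=2002
kernel: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.8 LEN=60 PROTO=UDP SPT=2002 DPT=2002
kernel: IN=eth0 OUT= SRC=192.0.2.10 DST=203.0.113.44 LEN=60 PROTO=UDP SPT=2002 DPT=2002
kernel: IN=eth0 OUT= SRC=192.0.2.10 DST=203.0.113.44 LEN=60 PROTO=UDP SPT=2002 DPT=2002
kernel: IN=eth0 OUT= SRC=192.0.2.20 DST=198.51.100.7 LEN=60 PROTO=UDP SPT=40112 DPT=2002
kernel: IN=eth0 OUT= SRC=192.0.2.53 DST=192.0.2.30 LEN=90 PROTO=UDP SPT=53 DPT=2002
kernel: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.9 LEN=52 PROTO=TCP SPT=2002 DPT=2002
kernel: truncated line SRC=192.0.2.10 PROTO=UDP
"""

FIELD = re.compile(r"\b(SRC|DST|PROTO|SPT|DPT)=(\S+)")
REQUIRED = {"SRC", "DST", "SPT", "DPT"}


def udp2002_fanout(lines, min_peers=3):
    """Return {sender: sorted peers} for hosts sending UDP/2002 to >= min_peers hosts."""
    peers = defaultdict(set)
    for line in lines:
        f = dict(FIELD.findall(line))
        if f.get("PROTO") != "UDP" or not f.keys() >= REQUIRED:
            continue  # not UDP, or a malformed/truncated record
        if not (f["SPT"].isdigit() and f["DPT"].isdigit()):
            continue  # port fields must be numeric
        if int(f["DPT"]) != P2P_PORT:
            continue  # only traffic addressed to the coordination port
        if int(f["SPT"]) < 1024:
            continue  # reply from a well-known service to a client that picked 2002
        peers[f["SRC"]].add(f["DST"])  # a set, so repeat packets count once
    return {h: sorted(p) for h, p in peers.items() if len(p) >= min_peers}


if __name__ == "__main__":
    for host, contacted in udp2002_fanout(SAMPLE_LOG.splitlines()).items():
        print(f"{host}: UDP/{P2P_PORT} to {len(contacted)} peers: {', '.join(contacted)}")
```

A hit is a lead for investigation rather than proof of infection, since other software can legitimately use UDP port 2002.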
News source: Infoworld