Slapper Worm Variants Spread

October 2002

Two variants of the Slapper worm, which targets Apache Web servers running on Linux operating systems, have appeared and are reported to be spreading. The worm initially surfaced in early September.

The new variants, known as Slapper.B and Slapper.C, are modifications of the original Slapper worm, known as Slapper.A, and may prove more difficult to remove from infected systems.

The worm, which exploits a known buffer overrun vulnerability in the Secure Sockets Layer 2.0 (SSLv2) handshake process, has infected thousands of Web servers worldwide. The handshake process is an initial exchange of messages between an SSL server and an SSL client in which each authenticates itself.

The worm uses the SSL vulnerability to transfer its malicious source code to a remote machine. It then compiles that code, producing a new executable, according to an advisory posted on the Web page of Carnegie Mellon University's Computer Emergency Response Team Coordination Center.

Once infected by the Slapper worm, Web servers become hosts in a large peer-to-peer network of other infected servers. Infected servers scan for other Web hosts to infect and coordinate with other infected hosts using one of a number of UDP (User Datagram Protocol) ports.
