Linux/Apache users beware!


Aug 11, 2001
If you have no idea what Linux or the Apache web server is, click here.
If you use Linux and Apache Web server, read on!

The Slapper Linux worm was found on September 13th 2002 around 23:00 GMT.

Slapper spreads to Linux machines by exploiting a flaw discovered in August 2002 in the OpenSSL libraries. The worm was found in Eastern Europe late on Friday, September 13th, 2002.

The worm typically affects Linux machines that are running the Apache web server with OpenSSL enabled. Apache installations cover more than 60% of public web sites on the internet. It can be estimated that fewer than 10% of these installations have enabled SSL services. By some estimates, there are over one million active OpenSSL installations on the public web. A large share of these machines have not yet been patched to close this hole and are thus prone to infection by the Slapper worm.

Once a machine is infected by Slapper, it joins a massive peer-to-peer denial-of-service network, which can be controlled by the virus author. During the weekend, F-Secure engineers reverse engineered the peer-to-peer protocol that the worm uses. F-Secure now has a computer connected to the Slapper peer-to-peer network, and through this node the exact number of infected machines and their network names can be identified.