Slapper Worm Still Spreading
A worm that attacks Linux machines running the Apache Web server software with the OpenSSL tools installed spread quickly over the weekend.

The Slapper worm continued to spread quickly over the weekend, with some security experts putting the number of compromised servers as high as 6,000. As first reported by eWeek on Friday, the worm attacks Linux machines running the Apache Web server software with the OpenSSL tools installed. It exploits a buffer overrun vulnerability in the SSL handshake process using a forged client master key. It scans the Internet for vulnerable Apache machines and tries to deduce the Linux distribution on each machine from information in the "Server:" response header, experts say. Once it has infected a server, Slapper installs both a backdoor and a set of tools that can be used to launch a variety of distributed denial-of-service attacks. There have been some reports of infected servers being used to attack Web sites already.
The backdoor that Slapper installs accepts remote command execution from any user, without authentication. This means that any attacker who is able to locate a number of infected machines could then use them to launch a DDoS attack.
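Because the worm is reported to guess the distribution from the "Server:" response header, an administrator can audit how much their own server's header gives away. The following is an added example, not part of the original article; the function name and the sample header values are constructed for illustration.

```python
import re

# One product token ("Apache/1.2.3") or one parenthesised comment ("(Unix)").
_PART = re.compile(r"\(([^()]*)\)|([^\s()/]+)(?:/([^\s()]+))?")


def audit_server_header(value):
    """Return (kind, detail) findings describing what a Server header discloses."""
    findings = []
    products = 0
    for match in _PART.finditer(value):
        comment, name, version = match.groups()
        if comment is not None:
            # Apache places the platform or distribution name in this comment.
            findings.append(("platform", comment.strip()))
            continue
        products += 1
        if version:
            # An exact version lets a scanner match the host to a known flaw.
            findings.append(("version", f"{name}/{version}"))
        if products > 1:
            # Tokens after the first one advertise loaded modules and libraries.
            findings.append(("module", name))
    return findings


# Constructed sample headers (placeholder versions, not real releases).
SAMPLES = [
    "Apache/1.2.3 (Example Linux) mod_ssl/4.5.6 OpenSSL/7.8.9",
    "Apache/1.2.3",
    "Apache",
]

if __name__ == "__main__":
    for header in SAMPLES:
        findings = audit_server_header(header)
        print(f"Server: {header}")
        if not findings:
            print("  discloses only the product name")
        for kind, detail in findings:
            print(f"  discloses {kind}: {detail}")
```

Apache's `ServerTokens Prod` directive reduces the header to `Server: Apache`. Trimming the banner only removes the hint about the distribution; it does not fix the OpenSSL flaw itself.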