Discovered: September 13, 2002
Updated: February 13, 2007 11:53:31 AM
Also Known As: Apache/mod_ssl Worm, Linux/Slapper-A [Sophos], ELF_SLAPPER.A [Trend], Linux.Slapper.Worm [CA], Linux/Slapper.worm.a [McAfee], Worm.Linux.Slapper [AVP], Linux/Slapper [Panda]
Type: Worm
Systems Affected: Linux
Linux.Slapper.Worm is a family of worms that use an OpenSSL buffer overflow exploit to run a shell on a remote computer. Each variant of the family targets vulnerable installations of the Apache Web server on Linux operating systems, which include versions of SuSE, Mandrake, Red Hat, Slackware, and Debian. The worm also contains code for a Distributed Denial of Service (DDoS) attack.
More than 3,500 computers have been observed performing this activity, according to Symantec DeepSight Threat Management System data. This includes computers located in Portugal and Romania, where initial reports of the worm originated.
For additional information, read the Symantec Security Response advisory at:
http://securityresponse.symantec.com/avcenter/security/Content/2002.09.13.html
For patch information on vulnerable products, visit
http://online.securityfocus.com/bid/5363/solution.
Protection
- Initial Rapid Release version: September 16, 2002
- Latest Rapid Release version: July 12, 2008 revision 018
- Initial Daily Certified version: September 16, 2002
- Latest Daily Certified version: July 12, 2008 revision 019
- Initial Weekly Certified release date: September 18, 2002
Threat Assessment
Wild
- Wild Level: Medium
- Number of Infections: More than 1000
- Number of Sites: More than 10
- Geographical Distribution: Medium
- Threat Containment: Easy
- Removal: Easy
Damage
Distribution
- Distribution Level: Medium
Writeup By: Peter Szor