1. /
  2. Security Response/
  3. Linux.Slapper.Worm

Linux.Slapper.Worm

Risk Level 2: Low

Discovered:
September 13, 2002
Updated:
February 13, 2007 11:53:31 AM
Also Known As:
Apache/mod_ssl Worm, Linux/Slapper-A [Sophos], ELF_SLAPPER.A [Trend], Linux.Slapper.Worm [CA], Linux/Slapper.worm.a [McAfee], Worm.Linux.Slapper [AVP], Linux/Slapper [Panda]
Type:
Worm
Systems Affected:
Linux
CVE References:
CAN-2002-0656


Linux.Slapper.Worm is a family of worms that use an OpenSSL buffer overflow exploit to run a shell on a remote computer. Each variant of the family targets vulnerable installations of the Apache Web server on Linux operating systems, which include versions of SuSe, Mandrake, RedHat, Slackware, and Debian. The worm also contains code for a Distributed Denial of Service (DDoS) attack.

More than 3,500 computers have been observed performing this activity, according to Symantec DeepSight Threat Management System data. This includes computers located in Portugal and Romania, where initial reports of the worm originated.




For additional information, read the Symantec Security Response advisory at: http://securityresponse.symantec.com/avcenter/security/Content/2002.09.13.html

For patch information on vulnerable products, visit http://online.securityfocus.com/bid/5363/solution.

Antivirus Protection Dates

  • Initial Rapid Release version September 16, 2002
  • Latest Rapid Release version September 28, 2010 revision 054
  • Initial Daily Certified version September 16, 2002
  • Latest Daily Certified version September 28, 2010 revision 036
  • Initial Weekly Certified release date September 18, 2002
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.

Threat Assessment

Wild

  • Wild Level: Medium
  • Number of Infections: More than 1000
  • Number of Sites: More than 10
  • Geographical Distribution: Medium
  • Threat Containment: Easy
  • Removal: Easy

Damage

  • Damage Level: Low

Distribution

  • Distribution Level: Medium
Writeup By: Peter Szor

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
Internet Security Threat Report
Symantec DeepSight Screensaver