1. Symantec/
  2. Security Response/
  3. Linux.Slapper.Worm


Risk Level 2: Low

September 13, 2002
February 13, 2007 11:53:31 AM
Also Known As:
Apache/mod_ssl Worm, Linux/Slapper-A [Sophos], ELF_SLAPPER.A [Trend], Linux.Slapper.Worm [CA], Linux/Slapper.worm.a [McAfee], Worm.Linux.Slapper [AVP], Linux/Slapper [Panda]
Systems Affected:
CVE References:

Linux.Slapper.Worm is a family of worms that use an OpenSSL buffer overflow exploit to run a shell on a remote computer. Each variant of the family targets vulnerable installations of the Apache Web server on Linux operating systems, which include versions of SuSe, Mandrake, RedHat, Slackware, and Debian. The worm also contains code for a Distributed Denial of Service (DDoS) attack.

More than 3,500 computers have been observed performing this activity, according to Symantec DeepSight Threat Management System data. This includes computers located in Portugal and Romania, where initial reports of the worm originated.

For additional information, read the Symantec Security Response advisory at: http://securityresponse.symantec.com/avcenter/security/Content/2002.09.13.html

For patch information on vulnerable products, visit http://online.securityfocus.com/bid/5363/solution.

Antivirus Protection Dates

  • Initial Rapid Release version September 16, 2002
  • Latest Rapid Release version September 28, 2010 revision 054
  • Initial Daily Certified version September 16, 2002
  • Latest Daily Certified version September 28, 2010 revision 036
  • Initial Weekly Certified release date September 18, 2002
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.
Writeup By: Peter Szor

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
2016 Internet Security Threat Report, Volume 21
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube