Security experts are rushing to decode a worm program that exploits a 2-week-old flaw to infect computers running vulnerable versions of the popular open-source Apache Web server application.. . .

Security experts are rushing to decode a worm program that exploits a 2-week-old flaw to infect computers running vulnerable versions of the popular open-source Apache Web server application.

The worm is thought to be capable of spreading only to Web servers running the FreeBSD operating system, an open-source variant of Unix, that haven't had a patch applied for the recent flaw. Although few people have reported the worm, it is thought to be infecting vulnerable Web servers worldwide.

"It is spreading," said Domas Mituzas, a systems developer for Baltic information-technology firm Microlink Systems and the first to report the new worm. "It hit us from Poland, and the comments are in Italian, so it could be from any part of the world."

From his early analysis of the worm, the 19-year-old Lithuanian programmer believes it was designed to create a flood net--a collection of compromised servers that can be used in a denial-of-service attack to overwhelm a target with data.

The link for this article located at CNET is no longer available.