Security Experts Divided on Slapper's Threat
The worm, which exploits a known buffer overrun vulnerability in the Secure Sockets Layer 2.0 (SSLv2) handshake process, is already believed to have infected over 13,000 Apache Web servers, according to Helsinki-based F-Secure, a computer and network security company. The worm infects host machines by using the SSL vulnerability to transfer its malicious source code to a remote machine, then compiling that code, producing a new executable, according to an advisory posted on Carnegie Mellon's CERT Coordination Center Web page.
Once infected by the Slapper worm, Web servers effectively become hosts in a large peer-to-peer network of other infected servers. Infected servers scan for other Web hosts to infect, and coordinate with other infected hosts over UDP (User Datagram Protocol) port 2002.
It is the ability of Slapper to create its own network, experts said, that makes this worm different from its predecessors, such as last year's Code Red worm or this summer's Scalper worm.
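A defender can look for the peer-to-peer behavior described above in network flow logs. The following is an added example, not part of the original article: the log format, the internal address prefix, the thresholds and the use of TCP 443 as the scanned Web port are all assumptions, and the flow records are constructed.

```python
from collections import defaultdict

# Constructed flow records (not real traffic): "src dst proto dport"
SAMPLE_FLOWS = """\
10.0.0.5 198.51.100.7 udp 2002
10.0.0.5 198.51.100.9 udp 2002
203.0.113.4 10.0.0.5 udp 2002
10.0.0.5 192.0.2.10 tcp 443
10.0.0.5 192.0.2.11 tcp 443
10.0.0.5 192.0.2.12 tcp 443
10.0.0.8 192.0.2.10 tcp 443
10.0.0.9 198.51.100.7 udp 53
10.0.0.9 198.51.100.7 udp 2002
"""

P2P_PORT = 2002        # UDP port named in the article
WEB_PORT = 443         # assumption: SSL service probed on TCP 443
MIN_PEERS = 2          # assumed threshold: distinct UDP/2002 peers
MIN_SCAN_TARGETS = 3   # assumed threshold: distinct Web hosts contacted

def parse_flows(text):
    """Yield (src, dst, proto, dport) tuples, skipping malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[3].isdigit():
            continue
        src, dst, proto, dport = parts
        yield src, dst, proto.lower(), int(dport)

def suspect_hosts(text, internal_prefix="10."):
    """Return internal hosts talking UDP/2002 with several distinct peers."""
    peers = defaultdict(set)     # internal host -> UDP/2002 peers
    scanned = defaultdict(set)   # internal host -> outbound Web targets
    for src, dst, proto, dport in parse_flows(text):
        if proto == "udp" and dport == P2P_PORT:
            # Count the flow for whichever endpoint is ours, in either direction.
            for host, peer in ((src, dst), (dst, src)):
                if host.startswith(internal_prefix):
                    peers[host].add(peer)
        elif proto == "tcp" and dport == WEB_PORT and src.startswith(internal_prefix):
            scanned[src].add(dst)
    return {
        host: {"peers": sorted(p),
               "scanning": len(scanned[host]) >= MIN_SCAN_TARGETS}
        for host, p in peers.items() if len(p) >= MIN_PEERS
    }
```

A host that both exchanges UDP/2002 traffic with multiple peers and fans out to many Web servers is the stronger signal; a single UDP/2002 flow on its own is left unreported here to limit noise.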
The link for this article located at InfoWorld is no longer available.