The Apache/MOD_SSL, or "Slapper" worm that is fast infecting Web servers worldwide marks a new milestone in the evolution of computer worms, experts say: the creation of a peer-to-peer network by a worm for the purpose of conducting distributed denial of . . .
The Apache/MOD_SSL, or "Slapper" worm that is fast infecting Web servers worldwide marks a new milestone in the evolution of computer worms, experts say: the creation of a peer-to-peer network by a worm for the purpose of conducting distributed denial of service (DDOS) attacks. But experts are divided on how big a threat Slapper poses to the Internet infrastructure as a whole.

The worm, which exploits a known buffer overrun vulnerability in the Secure Sockets Layer 2.0 (SSLv2) handshake process is already believed to have infected over 13,000 Apache Web servers, according to Helsinki-based F-Secure, a computer and network security company. The worm infects host machines by using the SSL vulnerability to transfer its malicious source code to a remote machine, then compiling that code, producing a new executable, according to an advisory posted on Carnegie Mellon's CERT Coordination Center Web page.

Once infected by the Slapper worm, Web servers effectively become hosts in a large peer-to-peer network of other infected servers. Infected servers scan for other Web hosts to infect, and coordinate with other infected hosts over the 2002/UDP (User Datagram Protocol) port.

It is the ability of Slapper to create its own network, experts said, that makes this worm different from its predecessors, such as last year's Code Red worm or this summer's Scalper worm.

The link for this article located at InfoWorld is no longer available.