LWN.net Logo

Advertisement

Writers Wanted

Front, Kernel, Security, Distributions, Development. See your byline here on LWN.net.

Advertise here

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

Relicensing and rebasing LibreOffice

LWN.net Weekly Edition for May 24, 2012

A uTouch architecture introduction

LWN.net Weekly Edition for May 17, 2012

Tasting the Ice Cream Sandwich

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Linux Worm Is Spreading Rapidly (TechWeb)

[Posted September 17, 2002 by cook]

TechWeb reports on the rapid spread of the slapper worm, which affects Linux machines running Apache and mod_ssl. "Officials of F-Secure Corp., a security software developer, said from Finland Monday morning that they've detected 11,200 affected systems, double the number they had detected less than 24 hours ago, prompting them to upgrade the worm to a Level 1, the highest level security threat in their classification system."

Also, see this article from TechWeb on the slapper worm. "According to Dan Ingevaldson, team lead of the X-Force R&D division at ISS, the first version may be a test to see how well the worm works before more deadlier versions surface. "Unlike Code Red and Nimda, where virus writers didn't have immediate access to the source code, the source code for this worm is already widely public," he says. "I'd expect new versions to start to surface." Users of OpenSSL through versions 0.96d or 0.9.7beta1 are urged to upgrade to the latest version of OpenSSL, currently 0.9.6g."

(Log in to post comments)

Linux Worm Is Spreading Rapidly (TechWeb)

Posted Sep 17, 2002 19:18 UTC (Tue) by skvidal (subscriber, #3094) [Link]


One comment that is worth making - is that versions of openssl patched by many vendors (red hat in particular) are still openssl 0.9.6b but the patches have been backported. So some of those "vulnerable" systems might be correctly patched from their distro vendor.

Linux Worm Is Spreading Rapidly (TechWeb)

Posted Sep 18, 2002 15:07 UTC (Wed) by proski (subscriber, #104) [Link]

My understanding of the article is that "affected" actually means "infected". But indeed, the article is unclear about that. In any case, the article clearly states that there are 1,600 infected .net hosts and 1,300 infected .com hosts.

Linux Worm Is Spreading Rapidly (TechWeb)

Posted Sep 18, 2002 12:52 UTC (Wed) by penguinista (guest, #308) [Link]

openssl.org appears to be down or overwhelmed. It might be helpful for download sites to start mirroring the required updates. So far I havent been able to find the most recent versions elsewhere. Download.com and Tucows have older versions of openssl and I dont see it on Sourceforge, etc... This is a bad thing.

Linux Worm Is Spreading Rapidly (TechWeb)

Posted Sep 18, 2002 15:32 UTC (Wed) by pflugstad (subscriber, #224) [Link]

Use their FTP site: ftp.openssl.org. It's responding just fine.

Copyright © 2002, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds