|
|
Subscribe / Log in / New account

Network Worms Continue To Attack Linux

Network Worms Continue To Attack Linux

October 4, 2002

Network Worms Continue To Attack Linux
Worm "Mighty" Intensifies the Threat to Linux.

Following on the heals of the "Slapper" worm, which only two weeks ago
was detected attacking Linux computers, comes the next outbreak, this
time the work of the Linux-worm "Mighty". Presently Kaspersky Labs has
registered over 1,600 infected systems the world over.

Many features of "Mighty" are taken from its predecessor, the network
worm "Slapper". Like "Slapper", "Mighty" infects computers running Linux
and the Apache Web-server and also uses the OpenSSL Security System
exploit to gain access. Moreover, "Mighty" partly borrows the source
code spreading method from "Slapper": to ensure compatibility with all
versions of OpenSSL, one of the worm's components (sslx.c, which is
responsible for penetration via the security system vulnerability)
recompiles itself anew on each computer.

In addition to infecting systems, "Mighty" also sets up a backdoor
utility (designed to gain unauthorized control). In turn, this utility
connects with one of the remote IRC-channels where it receives
ill-intentioned commands, which it then executes on the infected system.
In this way "Mighty" is able to leak out confidential information,
corrupt important data, and also use infected machines to conduct
distributed DoS attacks and other nasty activities.

To avert infection, Kaspersky Labs, above all recommends users install
the latest version of OpenSSL (for versions older than 0.9.7-beta,
0.9.6e) and to update their anti-virus program databases.

The defense against "Mighty" has already been added to the Kaspersky
Anti-Virus databases.

A more detailed description of the "Mighty" network worm can be found in
the Kaspersky Virus Encyclopedia
(http://www.viruslist.com/eng/viruslist.html?id=56952).

Best Regards, Denis Zenkin
Head of Corporate Communications
Kaspersky Labs

10, Geroyev Panfilovtsev St, Moscow, 125363,  Russia
Tel.: +7 095 948 56 50; Fax: +7 095 948 43 31; Mobile: +7 095 798 98 76
E-mail: denis@kaspersky.com; http://www.kaspersky.com;
http://www.viruslist.com

Visit Kaspersky Labs Virtual Press Office at
www.kaspersky.com/press.html

Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds