Date: Wed, 18 Sep 2002 11:20:01 -0500
Subject: Slapper Worm Still Spreading
    September 16, 2002
    Slapper Worm Still Spreading

    The Slapper worm continued to spread quickly over the weekend, with some security experts putting the number of compromised servers as high as 6,000.

    As first reported by eWeek on Friday, the worm attacks Linux machines running the Apache Web server software with the OpenSSL tools installed. It exploits a buffer overrun vulnerability in the SSL handshake process using a forged client master key. It scans the Internet for vulnerable Apache machines and tries to deduce the Linux distribution on each machine from information in the "Server:" response header, experts say.

    Once it has infected a server, Slapper installs both a backdoor and a set of tools that can be used to launch a variety of distributed denial-of-service attacks. There have been some reports of infected servers being used to attack Web sites already.

    The backdoor that Slapper installs accepts remote command execution from any user, without authentication. This means that any attacker who is able to locate a number of infected machines could then use them to launch a DDoS attack.

    The worm is capable of launching several discrete DDoS attacks, including TCP/IP floods, UDP floods and, perhaps most troubling, DNS floods, according to an analysis by Internet Security Systems Inc.'s X-Force research team.

    The worm communicates with other infected servers using a peer-to-peer network and uses UDP port 2002.

    On July 30, the OpenSSL Project issued a security bulletin warning of four separate vulnerabilities in all versions of the software up to release 0.96d. All four flaws are buffer overruns, and all are remotely exploitable.

    Version 0.96e, which was released the same day as the security bulletin, fixes the vulnerability.
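An added defender-side example, not part of the eWeek article: it audits an administrator's own server inventory for the two signals the article names, an Apache "Server:" banner advertising an OpenSSL release older than the fixed one, and traffic on UDP port 2002. The banner strings, addresses and flow tuples are constructed sample data, and the dotted spelling 0.9.6e is how OpenSSL banners write the release the article calls 0.96e.

```python
import re

# First fixed release per the article's account of the July 30 bulletin
# (written "0.96e" in the article; OpenSSL banners spell it 0.9.6e).
FIXED = (0, 9, 6, "e")
SLAPPER_P2P_PORT = 2002  # UDP port the article gives for the worm's peer-to-peer traffic

BANNER_RE = re.compile(r"OpenSSL/(\d+)\.(\d+)\.(\d+)([a-z]?)")

def openssl_version(server_header):
    """Return (major, minor, fix, letter) from a Server: header, or None."""
    m = BANNER_RE.search(server_header)
    if not m:
        return None
    return (int(m.group(1)), int(m.group(2)), int(m.group(3)), m.group(4))

def is_exposed(server_header):
    """True when the banner shows Apache with an OpenSSL older than the fixed release."""
    ver = openssl_version(server_header)
    return "Apache" in server_header and ver is not None and ver < FIXED

def triage(banners, flows):
    """Map each inventoried host to the reasons it needs attention."""
    findings = {}
    for host, header in banners.items():
        if is_exposed(header):
            findings.setdefault(host, []).append("unpatched OpenSSL banner")
    for proto, src, dst, dport in flows:
        if proto == "udp" and dport == SLAPPER_P2P_PORT:
            for host in (src, dst):
                if host in banners:
                    findings.setdefault(host, []).append("UDP/2002 traffic")
    return findings

# Constructed sample data (documentation address ranges), not captured traffic.
BANNERS = {
    "192.0.2.10": "Apache/1.3.26 (Unix) mod_ssl/2.8.10 OpenSSL/0.9.6d",
    "192.0.2.11": "Apache/1.3.26 (Unix) mod_ssl/2.8.10 OpenSSL/0.9.6e",
    "192.0.2.12": "Apache/1.3.23 (Unix) mod_ssl/2.8.7 OpenSSL/0.9.6b",
    "192.0.2.13": "Apache/1.3.26 (Unix) PHP/4.2.2",
}
FLOWS = [
    ("udp", "192.0.2.12", "198.51.100.7", 2002),
    ("udp", "192.0.2.11", "198.51.100.53", 53),
    ("tcp", "203.0.113.5", "192.0.2.10", 443),
]

if __name__ == "__main__":
    for host, reasons in sorted(triage(BANNERS, FLOWS).items()):
        print(host, "->", ", ".join(reasons))
```

A banner match marks a host to inspect rather than proving it is vulnerable, since distributions can backport fixes without changing the advertised version string, and a suppressed banner hides the version entirely.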



    Copyright © 2002 Ziff Davis Media Inc. All Rights Reserved.