BBC NEWS
Tuesday, 17 September, 2002, 11:58 GMT 12:58 UK

Slapper worm threatens net attack

A malicious web worm is travelling across the internet enrolling vulnerable machines into a network that some experts think will be used to attack high profile websites.

The US net security watchdog, the Computer Emergency Response Team, has issued a warning about the "Slapper" worm that has infected thousands of Linux web servers.

The worm exploits a known loophole in a popular security program and is slowly recruiting machines into its attack network.

Security experts are urging people to update software to close the loophole and check to ensure their machine has not been infected.

Huge network

Home users have little to worry about as the Slapper worm only targets servers running the popular Apache software.

This free Linux-based program is by far the most widely used web server software.

The worm exploits a vulnerability in Apache servers running software called OpenSSL. Ironically, this is used to make web transactions secure.

The worm marks something of a departure for virus writers, who typically target programs made by Microsoft.

"Unix is becoming more and more popular, with Apache beating Microsoft as the web server of choice for many companies," said Graham Cluley, senior technology consultant at Sophos.

"However, this popularity attracts attention from the cybercrime community, so fans of Unix need to remember to take security seriously," he said.

Anti-virus firm F-Secure has inserted a dummy machine into the peer-to-peer network being created by Slapper and the company estimates that, so far, the worm has recruited more than 6,000 machines.

Experts speculate that the creator of the worm wants to build a large network of slave machines that can be used to trigger denial of service attacks. Such attacks flood target sites and servers with data in the hope of knocking them offline.

Potential threat

So far the worm seems content to build up its own network and has only been used to carry out one attack on a net service provider.

Security experts are divided on the threat that Slapper poses. Some fear that if all the recruited machines are activated they could launch devastating attacks.

But other anti-virus companies are reporting that none of their customers have been infected by the worm and say the threat it poses is low.

Like many other malicious programs, the worm is exploiting a vulnerability that has been known about for some while.

The loophole was first discovered in August and patches for it were posted soon after. Anyone using OpenSSL up to and including versions 0.9.6d or 0.9.7beta1 is strongly advised to upgrade to the newest version.
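
The upgrade advice above can be turned into an inventory check. The following is an added example, not part of the original article: it compares version strings against the two ceilings the article quotes, treating each as the limit for its own release branch. The host names and banner lines are constructed, and the banner format (the line printed by `openssl version`) and the handling of series older than 0.9.6 are assumptions.

```python
import re

# Last affected builds per release branch, as quoted in the article.
CEILINGS = ("0.9.6d", "0.9.7beta1")

# Matches 0.9.6, 0.9.6d, 0.9.7beta1 and 0.9.7-beta3; "beta" is tried before
# the single patch letter so the "b" of "beta" is not read as patch level b.
_VERSION = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:-?beta(\d+)|([a-z]))?", re.I)


def parse(text):
    """Return a sortable key for the first OpenSSL version found in text."""
    m = _VERSION.search(text)
    if m is None:
        raise ValueError(f"no OpenSSL version in {text!r}")
    series = tuple(int(g) for g in m.group(1, 2, 3))
    if m.group(4):  # betas sort before the final release of their series
        return series + (0, int(m.group(4)))
    letter = (m.group(5) or "").lower()
    # no letter -> 0, a -> 1, b -> 2 ... so 0.9.6 < 0.9.6d < 0.9.6e
    return series + (1, ord(letter) - ord("a") + 1 if letter else 0)


def is_affected(text):
    """True if the version is at or below the ceiling for its branch."""
    version = parse(text)
    limits = {parse(c)[:3]: parse(c) for c in CEILINGS}
    if version[:3] in limits:
        return version <= limits[version[:3]]
    # Assumption: series older than 0.9.6 fall under "up to and including".
    return version[:3] < min(limits)


# Constructed inventory: host name and the line printed by `openssl version`.
SAMPLE = [
    ("web1", "OpenSSL 0.9.6d 9 May 2002"),
    ("web2", "OpenSSL 0.9.6e 30 Jul 2002"),
    ("web3", "OpenSSL 0.9.7-beta1 1 Jun 2002"),
    ("web4", "OpenSSL 0.9.7-beta3 30 Jul 2002"),
    ("web5", "OpenSSL 0.9.5a 1 Apr 2000"),
]


def audit(inventory):
    """Return the hosts whose OpenSSL build needs upgrading."""
    return [host for host, banner in inventory if is_affected(banner)]


if __name__ == "__main__":
    print(audit(SAMPLE))
```

A single "less than or equal to 0.9.7beta1" comparison would wrongly flag the patched 0.9.6e, which is why the check is done per branch. The version string only describes the installed library: vendor packages that backport the fix may keep an older number, and a patched host may still have been infected before the upgrade.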

