Home » Topics » Cybersecurity » “Slapper” worm attacks Linux web servers

“Slapper” worm attacks Linux web servers

Pete Swabeyby Pete Swabey

A malicious software worm that attacks web servers using the open source Linux operating system has compromised more than 3,500 computers and is spreading rapidly, according to an advisory from security software vendor Symantec.

The so-called “Slapper” worm commandeers open source Apache web servers running on Linux to launch a distributed denial of service (DDoS) attack. Security experts said that Slapper could enable hackers to steal confidential data and execute malicious commands remotely.

Symantec said the threat of a global virus from the worm was “high”.

Slapper exploits a buffer overflow vulnerability in the Apache Open Secure Sockets Layer (OpenSSL) module that enables it to copy itself to other Linux users. SSL is a security protocol that encrypts data sent over the Internet.

The fact that Slapper uses source code spreading technology makes it especially dangerous, said Eugene Kaspersky, founder and head of anti-virus research for anti-virus software vendor Kaspersky Labs. He said “the uploaded worm copy of the [Slapper] worm is in the source code”, instead of in a pre-compiled executable package.

This enables Slapper to use a web server’s native C compiler program, which translates C source code into machine language, to propagate. C compilers are found on every commonly used platform, said Kaspersky.

As a result, Slapper could also spread to non-Linux platforms. “It is quite possible that Slapper will initiate a new wave of multi-platform malware [malicious software] development, which will be able to infect not only Linux, but Windows, Unix and other operating systems simultaneously,” said Kaspersky.

This technique was used in the infamous Morris Worm in 1988, which infected more than 6,000 companies globally and caused losses estimated at $96 million (€99m).

Symantec said patches to fix the OpenSSL vulnerability were available. “If administrators are unable to install the patch, it may be possible to disable the SSL engine in the Apache Web server. This can be achieved by modifying the configuration file to remove any configuration items regarding SSL configurations,” it added.

Anti-virus advisory:
Kaspersky Labs

Pete Swabey

Pete Swabey

Pete was Editor of Information Age and head of technology research for Vitesse Media plc from 2005 to 2013, before moving on to be Senior Editor and then Editorial Director at The Economist Intelligence...

Related Topics

DDoS Attack
Linux

Related Stories

Cybersecurity

How AI will shift the security landscape in 2024

The impact of AI within cybersecurity is expected to grow significantly this year, says Alex Holland, senior malware analyst at HP

AI & Machine Learning

NCSC releases guidelines for secure AI development

New guidance from the National Cyber Security Centre (NCSC) aims to help businesses securely innovate with AI and minimise risks

Cybersecurity

3 cybersecurity compliance challenges and how to address them

Earning those trust seals can strengthen relationships with board members and prospective customers, but it sure isn’t easy.

Cybersecurity

70% of UK firms reported cyber insurance changes in past year

According to research from Databarracks, seven in 10 UK businesses have seen changes to their cyber insurance in the past 12 months, as requirements rise