Computer virus creates peer-to-peer terror network.

www.WorldTribune.com ^ | Copyright 2002 | Scott McCollum

[Scott McCollum]

"The 13,800+ Linux servers infected by the Slapper worm have created a huge, intelligent P2P network that according to Symantec virus analysts can efficiently redirect network traffic, data and even router information from targeted networks back to the compromised Linux servers."

[Scott McCollum]

"Slapper" virus-infected servers went from 2,000 on Friday to 6,700 on Monday and approaching 14,000 today (Tuesday). The number of infected servers on the Internet that are connecting to this dangerous rogue network is still growing...

[jlogajan]

That d*mn Microsoft -- oh wait ...

[Lower55]

This is precisely why I NEVER go 'on-line'.

[ricer1]

The Symantic site has this additional info posted on Sept. 13, 2002:



Linux.Slapper.Worm uses an OpenSSL buffer overflow exploit 
to run a shell on a remote system. The worm targets 
vulnerable installations of the Apache Web server on 
Linux operating systems which includes versions of SuSe, 
Mandrake, RedHat, Slackware and Debian. The worm also 
contains code for a Distributed Denial of Service attack.

At this time over 3500 computers have been observed 
performing this activity, according to Symantec
DeepSight Threat Management System data. This includes 
computers located in Portugal and Romania, where initial 
reports of the worm originated.


(see link above for further details...)

[Michael Barnes]

Maybe I missed it, but how does the box become infected in the first place? I know what slapper exploit's, but how is it propogating itself?

[Honcho Bongs]

Wanna get Penguified?

Just Holla!

NO THANKS! LOL!

[Michael Barnes]

psst...

[smith288]

That has to look bad to the penguin crowd

[rdb3]

This SSL buffer overflow exploit has been known and patches have already been given to correct the problem.

Any sysadmins who would still get it on systems under their care are asleep at the wheel.

[rdb3]

That has to look bad to the penguin crowd

Why would it, homie?

[ThinkDifferent]

As usual with your articles, virtually nothing but FUD.

If you have Linux servers in your company or school, you might want to disconnect it from the Internet before you are unwittingly made a part of a cyberterror P2P network with a global scope.

Or maybe you could apply the patches that have been out for some time now.

all of which were able to be used by the Slapper virus author(s) in Distributed Denial of Service (DDoS) cyberterror attacks to take large corporations, major Internet service providers and even government organizations off the Internet.

Do you have any evidence that this has occurred? If not, then your wording is very deceptive.

Now that the Linux Slapper virus is loose, many customers who purchased those inherently more stable, secure and virus-proof Linux servers are probably wishing there was a multi-million dollar virus protection industry to help them out.

Nobody except the strawmen in your head have ever claimed that Linux was completely immune to viruses or security threats. One virus does not negate the overall track record of Linux and Unix servers being more secure than Windows.

[proxy_user]

So can you avoid this worm by running your SSL and Apache services using an account with no privileges, instead of using root?

I suspect many of these infected machines are run by dumba$$es who don't even know they're running a webserver, and have no idea how to configure a secure box.

[rdb3]

You couldn't handle it anyway. So, no harm and no foul for you.

[triggerhappy]

It's not Linux, it's a problem with OpenSSL.

[DrDavid]

For more information look at this thread Slapper worm spanks Apache servers

[smith288]

Im not trying to crack the Linux crowd, homie. Im just saying that Linux is always touting security.

Well, hackers are now going to put every effort into defeating this challenge and look for Linux to be a target. Linux distros will eventually end up putting patches out there just like M$ has to do.

[Honcho Bongs]

"You couldn't handle it anyway"

Overly sensitive, aren't you? You don't know what I do or what I can handle. You're just rude and defensive (and offensive).

[rdb3]

From your link, "Slapper exploits a previously-disclosed OpenSSL vulnerability..."

This OpenSSL problem is repaired. If anyone else still gets it, well...

[rdb3]

Overly sensitive, aren't you?

Nope.

You don't know what I do or what I can handle. You're just rude and defensive (and offensive).

You used my words to set up your "joke." You just got smacked down for it, is all.

I'm "rude?" Well, how's this: Your mama is an astronaut.

Rude enough for ya? It can get worse.

Bongs.

[taxcontrol]

[sigh]

Ok folks, a little truth in advertising.

Slapper does not exploit Linux. Slapper exploits vulnerabilities in OpenSSL. It just so happens that most of the OpenSSL implementations happen to be on Linux because Microsoft does not ship OpenSSL. It also happens to be used by Apache the web server that ships with most Linux packages. Further, 14,000 of servers infected are a very minor percent of the total Linux server population.

Also, OpenSSL is still pre-release code. The current version number is 0.9.6. Any sysadmin who builds a web page using essentially a BETA product should know that they risk vulnerabilities because the code has not been fully tested.

The vulnerability exploited by the worm was announced in July and is a classic buffer overflow vulnerability. Further, the solution for this problem (upgrade to 0.9.6e)
was published in Aug.

To "cry alarm" and disparage Linux is the same as blaming a car manufacture who offers 'Joe's radio and CD player' option for their car, who then finds that Joe's player can cause an electrical fault, who then issues a recall, and then a month later, a bunch of fires happen to their cars that have this radio installed.

My point to all of this is that the problem is not Linux. If a system gets burned, it's because the Sysadmin is using Beta software and the sysadmin is not keeping that software up to date.

[Full disclosure]
I hold the industry's highest security certification (CISSP) and network certification (CCIE). I also have years of experience building some of the worlds most secure networks outside of the military.