Free Republic
News/Activism

Computer virus creates peer-to-peer terror network.
www.WorldTribune.com | Copyright 2002 | Scott McCollum

Posted on 09/17/2002 10:13:04 AM PDT by Scott McCollum

"The 13,800+ Linux servers infected by the Slapper worm have created a huge, intelligent P2P network that according to Symantec virus analysts can efficiently redirect network traffic, data and even router information from targeted networks back to the compromised Linux servers."

(Excerpt) Read more at worldtechtribune.com ...


TOPICS: Business/Economy; Crime/Corruption; News/Current Events
KEYWORDS: economy; hackers; terrorism; virus
"Slapper" virus-infected servers went from 2,000 on Friday to 6,700 on Monday and approaching 14,000 today (Tuesday). The number of infected servers on the Internet that are connecting to this dangerous rogue network is still growing...
1 posted on 09/17/2002 10:13:05 AM PDT by Scott McCollum
[ Post Reply | Private Reply | View Replies]

To: Scott McCollum
That d*mn Microsoft -- oh wait ...
2 posted on 09/17/2002 10:15:17 AM PDT by jlogajan
[ Post Reply | Private Reply | To 1 | View Replies]

To: jlogajan
This is precisely why I NEVER go 'on-line'.
3 posted on 09/17/2002 10:18:52 AM PDT by Lower55
[ Post Reply | Private Reply | To 2 | View Replies]



The Symantec site has this additional info posted on Sept. 13, 2002:

Linux.Slapper.Worm uses an OpenSSL buffer overflow exploit to run a shell on a remote system. The worm targets vulnerable installations of the Apache Web server on Linux operating systems which includes versions of SuSe, Mandrake, RedHat, Slackware and Debian. The worm also contains code for a Distributed Denial of Service attack. At this time over 3500 computers have been observed performing this activity, according to Symantec DeepSight Threat Management System data. This includes computers located in Portugal and Romania, where initial reports of the worm originated. (see link above for further details...)

4 posted on 09/17/2002 10:23:42 AM PDT by ricer1
[ Post Reply | Private Reply | To 3 | View Replies]

Maybe I missed it, but how does the box become infected in the first place? I know what slapper exploits, but how is it propagating itself?
5 posted on 09/17/2002 10:23:47 AM PDT by Michael Barnes
[ Post Reply | Private Reply | To 3 | View Replies]

To: Scott McCollum
Wanna get Penguified?

Just Holla!

NO THANKS! LOL!
6 posted on 09/17/2002 10:26:00 AM PDT by Honcho Bongs
[ Post Reply | Private Reply | To 1 | View Replies]

To: rdb3
psst...
7 posted on 09/17/2002 10:26:05 AM PDT by Michael Barnes
[ Post Reply | Private Reply | To 5 | View Replies]

To: jlogajan
That has to look bad to the penguin crowd
8 posted on 09/17/2002 10:27:50 AM PDT by smith288
[ Post Reply | Private Reply | To 2 | View Replies]

To: ricer1
This SSL buffer overflow exploit has been known and patches have already been given to correct the problem.

Any sysadmins who would still get it on systems under their care are asleep at the wheel.

9 posted on 09/17/2002 10:27:50 AM PDT by rdb3
[ Post Reply | Private Reply | To 4 | View Replies]

To: smith288
That has to look bad to the penguin crowd

Why would it, homie?

10 posted on 09/17/2002 10:28:32 AM PDT by rdb3
[ Post Reply | Private Reply | To 8 | View Replies]

To: Scott McCollum
As usual with your articles, virtually nothing but FUD.

If you have Linux servers in your company or school, you might want to disconnect it from the Internet before you are unwittingly made a part of a cyberterror P2P network with a global scope.

Or maybe you could apply the patches that have been out for some time now.

all of which were able to be used by the Slapper virus author(s) in Distributed Denial of Service (DDoS) cyberterror attacks to take large corporations, major Internet service providers and even government organizations off the Internet.

Do you have any evidence that this has occurred? If not, then your wording is very deceptive.

Now that the Linux Slapper virus is loose, many customers who purchased those inherently more stable, secure and virus-proof Linux servers are probably wishing there was a multi-million dollar virus protection industry to help them out.

Nobody except the strawmen in your head has ever claimed that Linux was completely immune to viruses or security threats. One virus does not negate the overall track record of Linux and Unix servers being more secure than Windows.

11 posted on 09/17/2002 10:29:16 AM PDT by ThinkDifferent
[ Post Reply | Private Reply | To 1 | View Replies]

To: ricer1
So can you avoid this worm by running your SSL and Apache services using an account with no privileges, instead of using root?

I suspect many of these infected machines are run by dumba$$es who don't even know they're running a webserver, and have no idea how to configure a secure box.
12 posted on 09/17/2002 10:29:29 AM PDT by proxy_user
[ Post Reply | Private Reply | To 4 | View Replies]

To: Honcho Bongs
You couldn't handle it anyway. So, no harm and no foul for you.
13 posted on 09/17/2002 10:29:33 AM PDT by rdb3
[ Post Reply | Private Reply | To 6 | View Replies]

To: Honcho Bongs
It's not Linux, it's a problem with OpenSSL.
14 posted on 09/17/2002 10:29:43 AM PDT by triggerhappy
[ Post Reply | Private Reply | To 6 | View Replies]

To: unix
For more information look at this thread Slapper worm spanks Apache servers
15 posted on 09/17/2002 10:30:03 AM PDT by DrDavid
[ Post Reply | Private Reply | To 5 | View Replies]

To: rdb3
I'm not trying to crack the Linux crowd, homie. I'm just saying that Linux is always touting security.

Well, hackers are now going to put every effort into defeating this challenge and look for Linux to be a target. Linux distros will eventually end up putting patches out there just like M$ has to do.
16 posted on 09/17/2002 10:32:19 AM PDT by smith288
[ Post Reply | Private Reply | To 10 | View Replies]

To: rdb3
"You couldn't handle it anyway"

Overly sensitive, aren't you? You don't know what I do or what I can handle. You're just rude and defensive (and offensive).

17 posted on 09/17/2002 10:32:19 AM PDT by Honcho Bongs
[ Post Reply | Private Reply | To 13 | View Replies]

To: DrDavid
From your link, "Slapper exploits a previously-disclosed OpenSSL vulnerability..."

This OpenSSL problem is repaired. If anyone else still gets it, well...

18 posted on 09/17/2002 10:33:12 AM PDT by rdb3
[ Post Reply | Private Reply | To 15 | View Replies]

To: Honcho Bongs
Overly sensitive, aren't you?

Nope.

You don't know what I do or what I can handle. You're just rude and defensive (and offensive).

You used my words to set up your "joke." You just got smacked down for it, is all.

I'm "rude?" Well, how's this: Your mama is an astronaut.

Rude enough for ya? It can get worse.

Bongs.

19 posted on 09/17/2002 10:35:43 AM PDT by rdb3
[ Post Reply | Private Reply | To 17 | View Replies]

To: Scott McCollum
[sigh]

Ok folks, a little truth in advertising.

Slapper does not exploit Linux. Slapper exploits vulnerabilities in OpenSSL. It just so happens that most of the OpenSSL implementations happen to be on Linux because Microsoft does not ship OpenSSL. It also happens to be used by Apache, the web server that ships with most Linux packages. Further, the 14,000 servers infected are a very minor percent of the total Linux server population.

Also, OpenSSL is still pre-release code. The current version number is 0.9.6. Any sysadmin who builds a web page using essentially a BETA product should know that they risk vulnerabilities because the code has not been fully tested.

The vulnerability exploited by the worm was announced in July and is a classic buffer overflow vulnerability. Further, the solution for this problem (upgrade to 0.9.6e) was published in Aug.

To "cry alarm" and disparage Linux is the same as blaming a car manufacturer who offers 'Joe's radio and CD player' option for their car, who then finds that Joe's player can cause an electrical fault, who then issues a recall, and then a month later, a bunch of fires happen to their cars that have this radio installed.

My point to all of this is that the problem is not Linux. If a system gets burned, it's because the Sysadmin is using Beta software and the sysadmin is not keeping that software up to date.

[Full disclosure]
I hold the industry's highest security certification (CISSP) and network certification (CCIE). I also have years of experience building some of the world's most secure networks outside of the military.
20 posted on 09/17/2002 10:36:31 AM PDT by taxcontrol
[ Post Reply | Private Reply | To 1 | View Replies]
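
A first-pass check against the fix version named in post 20 (0.9.6e), added here as an example; it is not part of any poster's comment. It reads the OpenSSL token from an Apache `Server` banner or an `openssl version` line and orders the letter-suffixed version against the fix; the host names, banner strings and function names are constructed for illustration.

```python
import re

FIXED = "0.9.6e"  # fix version as stated in the post above

# Matches "OpenSSL/0.9.6b" (Apache Server banner) and "OpenSSL 0.9.6b"
# (`openssl version` output); an optional "-beta1"-style tag is captured too.
_VER = re.compile(r"OpenSSL[/ ](\d+)\.(\d+)\.(\d+)([a-z]*)(-[A-Za-z0-9]+)?")

def parse_openssl_version(text):
    """Return (major, minor, fix, letter), or None if absent or pre-release."""
    m = _VER.search(text)
    if m is None or m.group(5):
        return None  # no OpenSSL token, or a beta/dev build we do not order
    return (int(m.group(1)), int(m.group(2)), int(m.group(3)), m.group(4))

def is_older_than_fix(text, fixed=FIXED):
    """True if older than `fixed`, False if not, None if undetermined."""
    found = parse_openssl_version(text)
    if found is None:
        return None
    # Tuple comparison: numbers first, then the patch letter ("" < "a" < "e").
    return found < parse_openssl_version("OpenSSL/" + fixed)

def triage(inventory):
    """Map each host to 'needs-upgrade', 'ok' or 'unknown'."""
    labels = {True: "needs-upgrade", False: "ok", None: "unknown"}
    return {host: labels[is_older_than_fix(banner)] for host, banner in inventory}

# Constructed sample inventory (host names and banners are made up).
SAMPLE = [
    ("web1.example", "Apache/1.3.26 (Unix) mod_ssl/2.8.10 OpenSSL/0.9.6b"),
    ("web2.example", "Apache/1.3.26 (Unix) mod_ssl/2.8.10 OpenSSL/0.9.6e"),
    ("web3.example", "OpenSSL 0.9.6"),
    ("web4.example", "Apache/1.3.26 (Unix)"),
    ("web5.example", "OpenSSL/0.9.7-beta1"),
]

if __name__ == "__main__":
    # A version string is only a first pass: distributions may backport the
    # fix without changing it, so confirm flagged hosts at the package level.
    for host, status in triage(SAMPLE).items():
        print(f"{host}: {status}")
```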

