[ISN] Third slapper worm hits the street

From: InfoSec News (isnat_private)
Date: Wed Sep 25 2002 - 00:17:11 PDT

  • Next message: InfoSec News: "[ISN] Training Security Foot Soldiers"

    Forwarded from: Muhammad Faisal Rauf Danka <mfrdat_private>
    By Iain Thomson 
    Barely 24 hours after the Slapper B worm started to show up on
    antivirus monitoring stations, a new variant has cropped up.
    According to security specialist ISS, Slapper C has infected 1,500
    servers already and is spreading, although a source point has not been
    identified at this time.
    The company warned that the source code for Slapper has spread quickly
    among the underground community, and will be the development platform
    of choice for future attacks.
    Slapper and its variants exploit a vulnerability in the Secure Sockets
    Layer 2.0 of Apache web servers using distributions from Red Hat,
    Mandrake, SuSE, Gentoo and Slackware. Its suspected creator was
    arrested in the Ukraine on Wednesday.
    "We're still analysing this but it doesn't look to be significantly
    different from the B variant," said Jack Clark from Network
    Associates' AVERT monitoring centre.
    "Get your Apache systems patched and update your antivirus software
    and you should be fine."
    A patch for all current variants is available from distributors.
    Muhammad Faisal Rauf Danka
    Head of GemSEC / Chief Technology Officer
    Gem Internet Services (Pvt) Ltd.
    web: www.gem.net.pk
    Key Id: 0x784B0202
    Key Fingerprint: 6F8C EDCF 6C6E 06A5 48D7  6A20 C592 484B 
    784B 0202
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.

    This archive was generated by hypermail 2b30 : Wed Sep 25 2002 - 03:04:15 PDT