http://www.govexec.com/dailyfed/1102/111202h1.htm By Shane Harris sharrisat_private November 12, 2002 A new computer worm infecting a popular World Wide Web technology is proof that computer hackers have grown more sophisticated and could be preparing a significant attack, according to a senior White House official. Marcus Sachs, director of communication and infrastructure protection at the White House Office of Cyberspace Security, said hackers driven to "the back streets and back alleys of the Internet" by intense law enforcement scrutiny following the Sept. 11 attacks have quietly been building new threats. The new worm, widely known as Slapper, is a prime example of their abilities, he said. Officials believe millions of devices are vulnerable to Slapper, which is a computer code that burrows into a server, the program that provides the files that constitute Web pages. It enters through a well-known weakness in the Secure Socket Layer (SSL) that connects servers to the Internet. Once inside, the worm forces the server to seek out other infected machines, forming an army of so-called "zombies" that could bombard Web sites with bogus requests for information, causing a massive traffic jam on the Internet. The attack method, known as a distributed denial-of-service attack, has been used to disrupt service on sites such as Yahoo! and eBay. Attacks last year by other worms, such as Code Red and Nimda, caused billions of dollars in damage and targeted some government Web sites, including a White House server. The Slapper worm was identified two months ago, but federal officials still are concerned that many infected or at-risk organizations and individuals haven’t taken adequate steps to protect themselves. The FBI’s National Infrastructure Protection Center has found four variants of the worm, and notes that rates of new infection have declined. However, the agency also has warned that between 25,000 and 30,000 servers have already been infected. A steady buildup of infections preceded the Code Red and Nimda attacks. Sachs said Slapper represents a "double barrel" feat of hacker engineering, because it targets two well-known devices that have long been considered quite secure. The Apache server the worm attacks and the hole in the SSL connection through which it enters are open source products, meaning their design is publicly available. Sachs said there has been a longstanding myth that open source technologies are safer than proprietary systems because their design can be improved by anyone who wants to examine them. The Slapper worm is helping to dispel that notion, he said. The SSL vulnerability exists on a number of products, but Slapper is infecting only Apache servers that use the device. Computer security experts believe Slapper is an evolution of previous worms and viruses because it includes some of the capabilities of its predecessors. It allows a remote attacker to hijack and command the infected system, and it may cause network disruption when the zombie systems communicate with one another, according to the Computer Emergency Response Team Coordination Center, a federally funded security research organization run by Carnegie Mellon University in Pittsburgh. Some believe Slapper is a sign of threats to come. "These types of worms have the potential of becoming the much bigger problem out there," said Vincent Weafer, senior director of the Symantec Anti Virus Research Center in Santa Monica, Calif., who worked with the FBI to investigate Code Red and other worms. Advisories from the center and the FBI list a number of steps to protect systems against Slapper. - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Thu Nov 14 2002 - 02:37:02 PST