Those folks relying upon security through obscurity might well wish to get on the ball and fully patch-up; September 23 VNUNET.COM. A suspect has been arrested on suspicion of authoring the Slapper worm. But although the threat of the worm seems to have been short-lived, a new variant is already set to take up where its predecessor left off. Although the ISC's 'most attacked ports' chart no longer features Slapper in its Top 10 a variant, Slapper.B, has been spotted in the wild. Slapper.B has several subtle differences, but is for the most part an updated version of its predecessor. Both worms attempt to exploit a known vulnerability in the Secure Sockets Layer 2.0 (SSLv2) handshake process. The two variants also carry the same payload, a password-protected backdoor and denial of service (DoS) capabilities. ISS's Morgan said that with the new variant on the loose his company had calculated that about 10,000 servers were probably now infected, and that the network was probably going to be used for DoS attacks. He added that it was unlikely the original author created the second worm. "It was significant that source code for the original Slapper was distributed within the computer underground immediately after the worm was detected in the wild," he said. Source: http://www.vnunet.com/News/1135274 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ "Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart ***testing, only testing, and damn good at it too!*** OK, so you're a Ph.D. Just don't touch anything. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
This archive was generated by hypermail 2b30 : Tue Sep 24 2002 - 07:20:15 PDT