This is the control channel for the P2P network of the SLAPPER WORM. The first instance of the worm we detected originated from a European University. Vulnerabilities: ---------------- Viruses/Worms: Late on September 13th, a new virus known as Linux.Slapper.Worm or the Apache/mod_ssl Worm was discovered. The worm tries to exploit a buffer overflow vulnerability in the OpenSSL component of SSL-enabled Apache web servers. Once active, the worm can be used as a backdoor to start up a range of denial-of-service attacks. Recommendations: ---------------- Virsues/Worms: Some Antivirus firms have updated definitions to combat this threat. Please check with your antivirus provider immediately and carefully review the advisory at http://www.cert.org/advisories/CA-2002-27.html. Matthew F. Caldwell, CISSP Chief Security Officer GuardedNet, Inc -----Original Message----- From: Guido Van De Velde [mailto:Guido.VanDeVeldeat_private] Sent: Wednesday, September 18, 2002 8:54 AM To: incidentsat_private Subject: What's on udp/2002 ? At least something very interesting, according to our fw logs. Anyone any idea ? TIA -- guido ------------------------------------------------------------------------ ---- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Wed Sep 18 2002 - 20:24:38 PDT