CNET News: New Apache Worm Starts to Spread

[ Thanks to ll for this link. ]

"Security experts are rushing to decode a worm program that exploits a 2-week-old flaw to infect computers running vulnerable versions of the popular open-source Apache Web server application.

"The worm is thought to be capable of spreading only to Web servers running the FreeBSD operating system, an open-source variant of Unix, that haven't had a patch applied for the recent flaw. Although few people have reported the worm, it is thought to be infecting vulnerable Web servers worldwide...

"At present, if the Apache worm tries to spread to any non-FreeBSD system, it will likely crash the session on the server to which the worm had connected. That's not so bad, said [eEye Digital Security's chief hacking officer Marc] Maiffret, but it could cause many servers to crash if the worm develops into an epidemic..."

Complete Story

Related Stories:

• Remote Exploit for 32-bit Apache HTTP Server Known(Jun 21, 2002)
• The Nando Times: Miscommunication After Flaw Found in Apache Server Software(Jun 18, 2002)
• InfoWorld: Experts Warn of Major Hole in Apache Web Server(Jun 18, 2002)