"Linux.Slapper.Worm uses an OpenSSL buffer overflow exploit to
run a shell on a remote system. The worm targets vulnerable
installations of the Apache Web server on Linux operating systems
which include versions of SuSE, Mandrake, RedHat, Slackware and
Debian. The worm also contains code for a Distributed Denial of

"At this time over 350 computers have been observed performing
this activity, according to Symantec DeepSight Threat Management
System data. This includes computers located in Portugal and
Romania, where initial reports of the worm originated..."

"There have been credible reports that a worm propagating in the
wild is breaking into servers running vulnerable versions of
OpenSSL. Last month, several critical security issues, including a
client-exploitable remote buffer overflow in the SSLv2 handshake
process, were discovered in all OpenSSL versions prior to 0.9.6e.
The worm appears to exploit this hole, although little else is
known: it communicates with peers over UDP port 2002, and may have
distributed denial of service capabilities. Statistics from the
Internet Storm Center indicate a noticeable spike in port 2002
activity over the past few days, though reported intrusions have
been mostly isolated to Europe thus far.

"The worm seems to pick its targets by server banners; for
Apache, you can set the ServerTokens option to 'ProductOnly' to
keep it from reporting its operating system and version
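
The UDP port 2002 peer traffic mentioned in the quoted report gives defenders something to look for in firewall logs. The Python below is an added example, not part of the quoted reports: the log lines are constructed in iptables LOG style, and the defended network 192.0.2.0/24 and the function names are assumptions.

```python
import ipaddress
import re
from collections import defaultdict

WORM_PORT = 2002  # UDP port the quoted report says the worm's peers use
LOCAL_NET = ipaddress.ip_network("192.0.2.0/24")  # assumption: the defended network

# Constructed sample lines in iptables LOG style (not real traffic).
SAMPLE_LOG = """\
Sep 14 03:12:01 fw kernel: IN=eth0 OUT=eth1 SRC=203.0.113.7 DST=192.0.2.10 PROTO=UDP SPT=2002 DPT=2002 LEN=48
Sep 14 03:12:02 fw kernel: IN=eth1 OUT=eth0 SRC=192.0.2.10 DST=203.0.113.7 PROTO=UDP SPT=2002 DPT=2002 LEN=60
Sep 14 03:12:05 fw kernel: IN=eth1 OUT=eth0 SRC=192.0.2.10 DST=198.51.100.23 PROTO=UDP SPT=2002 DPT=2002 LEN=60
Sep 14 03:13:40 fw kernel: IN=eth0 OUT=eth1 SRC=198.51.100.99 DST=192.0.2.20 PROTO=UDP SPT=40112 DPT=2002 LEN=48
Sep 14 03:14:00 fw kernel: IN=eth1 OUT=eth0 SRC=192.0.2.30 DST=198.51.100.5 PROTO=UDP SPT=53211 DPT=53 LEN=70
Sep 14 03:14:09 fw kernel: IN=eth1 OUT=eth0 SRC=192.0.2.30 DST=198.51.100.5 PROTO=TCP SPT=2002 DPT=443 LEN=52
"""

FIELD = re.compile(r"(\w+)=(\S*)")

def classify(log_text, local_net=LOCAL_NET, port=WORM_PORT):
    """Return {local_ip: {"sent_to": set, "received_from": set}} for UDP traffic on `port`."""
    hosts = defaultdict(lambda: {"sent_to": set(), "received_from": set()})
    for line in log_text.splitlines():
        f = dict(FIELD.findall(line))
        if f.get("PROTO") != "UDP":
            continue  # TCP on port 2002 is unrelated to the peer traffic described
        if str(port) not in (f.get("SPT"), f.get("DPT")):
            continue
        try:
            src, dst = ipaddress.ip_address(f["SRC"]), ipaddress.ip_address(f["DST"])
        except (KeyError, ValueError):
            continue  # malformed line: skip rather than guess
        if src in local_net:
            hosts[str(src)]["sent_to"].add(str(dst))
        if dst in local_net:
            hosts[str(dst)]["received_from"].add(str(src))
    return dict(hosts)

def triage(hosts):
    """Local hosts that send on the port need investigation; receive-only hosts were only probed."""
    return {ip: ("investigate" if h["sent_to"] else "probed") for ip, h in hosts.items()}

if __name__ == "__main__":
    for ip, verdict in sorted(triage(classify(SAMPLE_LOG)).items()):
        print(ip, verdict)
```

A local host that originates UDP 2002 traffic to several outside peers is the one to pull for forensics; a host that only received such packets was contacted but shows no sign of participating.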