Transatlantic worm targets Linux
Apache web servers under attack from 'Slapper'
A new worm is spreading from the US to infect Linux web servers.
The Linux Slapper worm attacks Apache web servers using a hole in the Open secure sockets layer encryption module and has two functions. Antivirus experts are warning that the popularity of the Apache web server will make it a target for virus writers.
The worm links to other infected servers to form a peer-to-peer network for exchanging data and launching coordinated distributed denial of service (DDoS) attacks. It also allows backdoor access to servers for the worm's propagators.
Early reports from computer security firm ISS state that DDoS attacks linked to the worm have already begun.
Antivirus company Symantec said 3,500 servers have already been infected, although, so far, few cases have been reported in the UK. Network Associates and Sophos have also both reported low levels of infection on British servers.
But the potential of the worm is huge.
"We're seeing more and more viruses designed to go after Apache, although the vast majority are still targeting Windows software," said Natasha Staley, antivirus consultant for Sophos.
"Apache is more popular than Microsoft's software for this kind of application and we're expecting a lot more attacks on this type of software," she added.
The new worm is a variation of a known threat, the Apache 'Scalper' BSD worm.
© Incisive Media Ltd. 2008
Incisive Media Limited, Haymarket House, 28-29 Haymarket, London SW1Y 4RX, is a company registered in the United Kingdom with company registration number 04038503
