Apache worm barely squirms

[InfoSec News <isn () c4i org>]

http://news.com.com/2100-1001-940989.html?tag=fd_top

By Robert Lemos 
Staff Writer, CNET News.com
July 1, 2002, 1:45 PM PT

A program designed to infect vulnerable computers running the
open-source Apache Web server application apparently hasn't made it
very far, security experts said Monday.

As first reported by CNET News.com, the Apache worm infects unpatched
servers running the FreeBSD operating system, an open-source variant
of Unix, and the Apache Web software. Despite initial reports that the
worm had spread to some servers, consultants and antivirus experts
haven't seen much activity.

"It's pretty much dead," said Marc Maiffret, chief hacking officer for
network-protection company eEye Digital Security. "We haven't seen
anything."

At least one computer appears to have been infected, however. The
Apache worm compromised a server owned by Baltic information
technology company Microlink Systems, Domas Matuzas, a Lithuanian
programmer for the company, said Friday.

The worm failed to do much--if any--damage over the weekend, however.

"We received no in-the-wild submissions," said Carey Nachenberg, chief
architect of the security response team for antivirus company
Symantec. "It doesn't seem to be actively spreading."

The company, which refers to the worm as FreeBSD.Scalper.Worm, rated
the program a low Internet threat.

"This specific implementation...it doesn't pose a large problem
because of its focus," said Peter Szor, chief antivirus researcher for
Symantec, pointing out that because the worm focuses on FreeBSD, a
relatively minor player in the Unix world, few computers would be
affected.

However, there are indications that the flaw exploited by the worm
appears in other platforms, which could mean the advent of more
damaging worms.

"It will become a bigger issue for sure," said Szor.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.