Third slapper worm hits the street

[InfoSec News <isn () c4i org>]

Forwarded from: Muhammad Faisal Rauf Danka <mfrd () attitudex com>

http://www.pcw.co.uk/News/1135304

By Iain Thomson 
[24-09-2002]

Barely 24 hours after the Slapper B worm started to show up on
antivirus monitoring stations, a new variant has cropped up.

According to security specialist ISS, Slapper C has infected 1,500
servers already and is spreading, although a source point has not been
identified at this time.

The company warned that the source code for Slapper has spread quickly
among the underground community, and will be the development platform
of choice for future attacks.

Slapper and its variants exploit a vulnerability in the Secure Sockets
Layer 2.0 of Apache web servers using distributions from Red Hat,
Mandrake, SuSE, Gentoo and Slackware. Its suspected creator was
arrested in the Ukraine on Wednesday.

"We're still analysing this but it doesn't look to be significantly
different from the B variant," said Jack Clark from Network
Associates' AVERT monitoring centre.

"Get your Apache systems patched and update your antivirus software
and you should be fine."

A patch for all current variants is available from distributors.



Regards
--------
Muhammad Faisal Rauf Danka

Head of GemSEC / Chief Technology Officer
Gem Internet Services (Pvt) Ltd.
web: www.gem.net.pk
Key Id: 0x784B0202
Key Fingerprint: 6F8C EDCF 6C6E 06A5 48D7  6A20 C592 484B 
784B 0202

__________________________________________
[ATTITUDEX.COM]
http://www.attitudex.com/
---------------------------



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.