Welcome to WebmasterWorld Guest from

Forum Moderators: bakedjake

Message Too Old, No Replies

Slapper Worm Exploits Apache SSL Flaw

2:57 pm on Oct 2, 2002 (gmt 0)


WebmasterWorld Administrator rogerd is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Aug 2, 2000
votes: 1

I didn't see discussion of the Slapper Worm here, although the biggest surge in this Linux-based virus was apparently a couple of weeks ago. The interesting thing is that some theorize that it is a sort of cyberweapon prototype.
[news.com.com ]

Also worrisome is that new authors seem to be releasing variants of Slapper:
[vnunet.com ]

5:32 pm on Oct 2, 2002 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Sept 12, 2002
votes: 0

I mentioned it tangentially as an example of why installing services the user doesn't know about could be a bad thing, but that's it as far as I recall. I really didn't see it as a big deal, since (1) I never saw any evidence of it in my logs (2) OpenSSL updates were available right away, and mentioned on the scurity mailing lists and (3) Even if you didn't patch, if you are running a packet-filtering firewall (a la iptables) and have all the ports you don't use closed, the worm wouldn't be able to join the p2p network anyway.

Not that (3) is something you should count on. Always patch a known vulnerability.


Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

Featured Threads

Free SEO Tools

Hire Expert Members