Anti-virus firms are ringing the alarm bell over a new computer worm that’s currently amassing an army of infected Web servers, designed to initiate massive denial of service attacks. The “Slapper” worm’s march through cyberspace began late Friday and it’s already infected over 17,000 machines.
SLAPPER IS REMINDING some analysts of last year’s “Code Red” and “Nimda” worms which threatened to slow down the entire Internet.
Since the worm attacks only computers running the Linux operating system, it’s not a direct threat to most home users. But it could threaten major Web sites and Internet service providers, according to Alfred Huger, senior director of engineering at Symantec Corp.’s security response team.
“There is the potential for it to be remarkably serious if the (denial of service) networks are turned against targets,” Huger said, “It’s a problem waiting to happen.”
Slapper is insidious because it instructs each infected computer to join a peer-to-peer network, not unlike Napster. Already, three separate networks have sprung up; one with 11,000 infected hosts, one with 6,900, and a third that researchers haven’t managed to measure yet. Each network can be controlled by any of the infected machines; so anyone who understands the worm could turn the entire network of machines into a powerful denial-of-service attack tool, Huger said.
Denial-of-service attacks were used in a now infamous string of incidents that knocked Yahoo, Amazon, CNN, and other high profile Web sites off the Internet in 1997.
“There are a great many compromised hosts are on well provisioned networks,” Huger said. “It could take down a significant site.”
The Slapper peer-to-peer network has already been used to “attack and disable high-profile targets,” according to a statement issued by Internet Security Systems Inc. Huger said one of the networks was currently attacking computers at a security company, but he wouldn’t reveal which one.
“Infections from more than 100 countries so far. (It’s) Pretty bad,” said F-Secure Corp. spokesperson Mikko Hypponen.
Slapper only affects Linux machines running the “Apache” Web server software; but that’s a significant part of the Internet. F-secure estimates 60 percent of the Net’s Web sites are served up by Apache machines.
F-secure estimated 1 million computers are vulnerable to Slapper, which exploits a flaw found in an Apache component back in July.