F-Secure warns about a new Linux web worm

Helsinki, Finland - September 14, 2002

F-Secure Corporation is warning about a new network worm called Slapper. Slapper spreads between Linux machines by exploiting a flaw in the OpenSSL libraries that was discovered in August 2002. The worm was found in Eastern Europe late on Friday, September 13, 2002.

The worm typically affects Linux machines that are running the Apache web server with SSL enabled. Apache installations cover more than 60% of public web sites on the Internet. It could be estimated that fewer than 10% of those have enabled SSL services. SSL is most often used for online commerce, banking and privacy applications.

Once a machine is infected, the worm starts to spread to new systems. In addition, the worm contains code to create a peer-to-peer attack network, in which infected machines can be remotely instructed to launch a wide variety of Distributed Denial of Service (DDoS) attacks.

The worm works on Intel-based machines running Linux distributions from Red Hat, SuSE, Mandrake, Slackware or Debian. Apache and OpenSSL must be enabled, and the OpenSSL version must be 0.96d or older.

Slapper is very similar to the Scalper Apache worm, which was found in June 2002. The basic theory of operation is similar to the first widespread web worm, Code Red. Code Red infected more than 350000 websites running Microsoft IIS in July 2001.

"It is still early to say whether this will become a major problem or not", comments Mikko Hypponen, Manager of Anti-Virus Research at F-Secure. "In any case, we urge all Linux webmasters to make sure their systems are secured against this attack."

A detailed description of the worm, as well as a screenshot, is available at: http://www.f-secure.com/v-descs/slapper.shtml

About F-Secure

F-Secure Corporation is the leading provider of centrally managed security solutions for the mobile enterprise. The company's award-winning products include antivirus, file encryption and network security solutions for major platforms from desktops to servers and from laptops to handhelds. Founded in 1988, F-Secure has been listed on the Helsinki Exchanges since November 1999. The company is headquartered in Helsinki, Finland, with the North American headquarters in San Jose, California, as well as offices in Germany, Sweden, Japan and the United Kingdom and regional offices in the USA. F-Secure is supported by a network of value added resellers and distributors in over 90 countries around the globe. Through licensing and distribution agreements, the company’s security applications are available for the products of the leading handheld equipment manufacturers, such as Nokia and Compaq.

For more information, please contact:

Mikko Hyppönen, Manager, Anti-Virus Research
F-Secure Corporation
Tel. +358 9 2520 5513
Email: Mikko.Hypponen@F-Secure.com