F-Secure Plays Key Role In Slapping Down Slapper Worm

Helsinki, Finland - September 25, 2002

The threat of the Linux Slapper worm has been nullified by proactive anti-virus work by specialists at F-Secure. In what is believed to be the first action of its kind by an anti-virus company, F-Secure was able to identify exactly which Web servers were being infected as each infection happened, send a warning to the administrators of the infected systems, and offer a free version of F-Secure Anti-Virus for LinuxTM to remove the worm from their systems.

Across the weekend of Friday 13th, following the discovery of the worm, F-Secure anti-virus laboratory was able to reverse-engineer the peer-to-peer protocol that the worm exploits to infect machines. This enabled F-Secure to access to the Slapper attack network by posing as an infected web server. Through this false server, F-Secure was able to determine the exact number of infected machines and their IP addresses as each server became infected.

In the process of warning the administrators of the infected servers, F-Secure worked in concert with 14 national CERT organizations. This approach was highly appreciated by many companies with emails: "Thanks kindly for your warning; our customer tells us they have upgraded their server. Congratulations on a job well done.” Hugh Brown, Dowco Internet.

According to Mikko Hypponen, F-Secure’s Manager of AV research: “Slapper was a very real risk, because its peer-to-peer networking capability enabled the author to take over any or all of the infected servers. The risk was not just distributed denial-of-service attacks, but also the backdoor access and control capability it gave over key parts of Internet infrastructure. That’s why we took these measures to counter the risks it presented.”

According to F-Secure, Slapper is representative of a new breed of worms and viruses as it is as much an attack tool as it is a quickly spreading worm.

F-Secure's Global Slapper Information Center provides regularly updated information on the worm and numbers of infected servers categorized by the top-level domain. The company says it is imperative that all servers are cleaned and patched to prevent future infections as soon as possible - both to stop the spreading of the worm and to prevent unauthorised access to the infected servers.

Global Slapper Information Center can be found from: http://www.f-secure.com/slapper/

About F-Secure

F-Secure Corporation is the leading provider of centrally managed security solutions for the mobile enterprise. The company's award-winning products include antivirus, file encryption and network security solutions for major platforms from desktops to servers and from laptops to handhelds. Founded in 1988, F-Secure has been listed on the Helsinki Exchanges since November 1999. The company is headquartered in Helsinki, Finland, with the North American headquarters in San Jose, California, as well as offices in Germany, Sweden, Japan and the United Kingdom and regional offices in the USA. F-Secure is supported by a network of value added resellers and distributors in over 90 countries around the globe. Through licensing and distribution agreements, the company’s security applications are available for the products of the leading handheld equipment manufacturers, such as Nokia and Compaq.

For more information, please contact:

F-Secure Corporation
Jaana Sirkiä, Communications Manager
PL 24
FIN-00181 Helsinki
tel +358 9 2520 5290, 
fax. +358 9 2520 5017
Email Jaana.Sirkia@F-Secure.com

http://www.F-Secure.com/