Computer Crime Research Center

Worm creates P2P attack network
(By Bob Sullivan, MSNBC)

Anti-virus firms are ringing the alarm bell over the a new computer worm that s currently amassing an army of infected Web servers, designed to initiate massive denial of service attacks.

The Slapper worm s march through cyberspace began late Friday and it s already infected over 17,000 machines SLAPPER IS REMINDING some analysts of last year s Code Red and Nimda worms which threatened to slow down the entire Internet.

Since the worm attacks only computers running the Linux operating system, it s not a direct threat to most home users. But it could threaten major Web sites and Internet service providers, according to Alfred Huger, senior director of engineering at Symantec Corp. s security response team.

There is the potential for it to be remarkably serious if the (denial of service) networks are turned against targets, Huger said, It s a problem waiting to happen.

Slapper is insidious because it instructs each infected to join a peer-to-peer network, not unlike Napster. Already, three separate networks have sprung up; one with 11,000 infected hosts, one with 6,900, and a third that researchers haven t managed to measure yet. Each network can be controlled by any of the infected machines; so anyone who understand the worm could turn the entire network of machines into a powerful denial-of-service attack tool, Huger said. Denial-of-service attacks were used in a now infamous string of incidents that knocked Yahoo, Amazon, CNN, and other high profile Web sites off the Internet in 1997.

There are a great many compromised hosts are on well provisioned networks, Huger said. It could take down a significant site.

The Slapper peer-to-peer network has already been used to attack and disable high-profile targets, according to a statement issued by Internet Security Systems Inc. Huger said one of the networks was currently attacking computers at a security company, but he wouldn t reveal which one.

Infections from more than 100 countries so far. (It s) Pretty bad, said F-Secure Corp. spokesperson Mikko Hypponen. Slapper only affects Linux machines running the Apache Web server software; but that s a significant part of the Internet. F-secure estimates 60 percent of the Net s Web sites are served up by Apache machines.

F-secure estimated 1 million computers are vulnerable to Slapper, which exploits a flaw found in an Apache component back in July.


Home | What's New | Articles | Links
Library | Staff | Contact Us

Copyright Computer Crime Research Center 2001, 2002 All Rights Reserved.
Contact the CCRC Office at 380-612-735-907