Linux Worm Spreading, Many Systems Vulnerable Date: Sunday, September 15 @ 12:25:47 Topic Security A GNU/Linux worm exploiting a bug in OpenSSL spreads through vulnerable Apache web servers, according to Symantec. The worm, which was first reported in Europe, targets several popular Linux distributions. See also the SecurityFocus vulnerability listing for the OpenSSL bug. To protect yourself please upgrade to OpenSSL 0.9.6g or if you can, disable you Apache OpenSSL module all-together. New releases of anti-virus software will also detect this worm. See the Sophos analysis of the worm here. The worm, called Linux.Slapper.Worm, uses an OpenSSL buffer overflow exploit to run a shell on a remote system. The worm targets vulnerable installations of the Apache Web server on Linux operating systems which includes versions of SuSe, Mandrake, RedHat, Slackware and Debian. The worm also contains code for a Distributed Denial of Service attack. At this time over 3500 computers have been observed performing this activity, according to Symantec DeepSight Threat Management System data. This includes computers located in Portugal and Romania, where initial reports of the worm originated. This article comes from South West (UK) Linux User Group http://www.southwestlug.uklinux.net/ The URL for this story is: http://www.southwestlug.uklinux.net/modules.php?op=modload&name=News&file=article&sid=77