OpenSSL Worm Slowing Down

By N-Stalker Team on September 20, 2002

A little over a week after being discovered, the OpenSSL Slapper worm has started slowing down. Some 7,000-10,000 servers have been infected, which pales in comparison to Code Red’s 400,000 or Nimda’s 86,000 last year. Fortunately, the worm’s P2P network was not utilized to cause any severe damage, although Symantec claims that a few companies experienced denial of service attacks. One weakness in Slapper’s design was that any computer could join the P2P network, which
allowed security researchers to figure out which systems were infected, contact their administrators, and block out attacking IPs. Some have also proposed using Slapper’s network to issue commands to delete itself, though that raises liability problems and the risk of accidental damages.

On a related note, ISS has released a free detection and removal
tool for the worm – hopefully it will help further reduce the number of active infections out there.

(N-Stalker Security Force)

This entry was posted in Previous Security Advisories. Bookmark the permalink.