A little over a week after being discovered, the OpenSSL Slapper worm has started slowing down. Some 7,000-10,000 servers have been infected, which pales in comparison to Code Red’s 400,000 or Nimda’s 86,000 last year. Fortunately, the worm’s P2P network was not utilized to cause any severe damage, although Symantec claims that a few companies experienced denial of service attacks. One weakness in Slapper’s design was that any computer could join the P2P network, which
allowed security researchers to figure out which systems were infected, contact their administrators, and block out attacking IPs. Some have also proposed using Slapper’s network to issue commands to delete itself, though that raises liability problems and the risk of accidental damages.

On a related note, ISS has released a free detection and removal
tool for the worm – hopefully it will help further reduce the number of active infections out there.

(N-Stalker Security Force)