Linux Worm Creating P2P Attack Network
 

By Robert Lemos
ZDNet via Walktalker Napsterites News

A new worm that attacks Linux Web servers has compromised more than 3,500 machines, creating a rogue peer-to-peer network that has been used to attack other computers with a flood of data, security experts said Saturday.

The worm seems to spreading fairly rapidly, according to security company Symantec, which early Friday detected about 2,000 infected computers that were actively attacking--a number that climbed to 3,500 late Friday. The company's security personnel could not be contacted for comment Saturday.

"It is confirmed through various sources that this worm is in the wild and actively attacking other servers," the company warned its newest advisory Saturday.

The worm targets Apache Web server installations on a variety of Linux systems, including those from Red Hat, SuSE, Debian, Mandrake and Slackware. By exploiting a security hole in the Apache OpenSSL module that enables a widely used encrypted communications service known as the secure socket layer, the worm can copy itself to new servers.

The advisory includes an analysis of the so-called Linux.Slapper.Worm's code, revealing some details of the attack network created from servers compromised by the worm.
http://zdnet.com.com/2100-1105-957988.html

- js.

Sounds like bad mojo to me. This worm and the copycats to follow will probably be used by Microsoft and it's lawyers, the RIAA and MPAA, and who knows how many politicians, as examples that open source and p2p communities are bad and unlawful. They'll use whatever angle they can use attack us, and the jerks who come up with these worms who think they're fighting back are only giving the other side more ammunition. I fear that the hype will be p2p+Linux=pure evil, and even though people who already use Linux or p2p know better, there will be many who will believe the hype.

But maybe I'm being paranoid, if the worm get's killed early on then there won't be enough time for the copyright nazis to exploit it. Maybe with a name like Linux.Slapper.Worm it won't be as feared as Code Red was.

Tripindickular!!! I thought Linux was all bad ass secure, or so Ive been let to believe by the guys that are so into it. Bet its still more secure than any version of MS OS.

A patch for this exploit has been out for over a month, and as usual, the only people affected will be those with unpatched machines. It's a little scary that the removal instructions are so hard to come by, but I've never had any interest (or need) to remove a virus before, so maybe that's par for the course. Basically, just remove the .bugtraq files in /tmp (NOT /temp as some advisories say) and kill the bugtraq process. A little strange that the worm would use port 80 to communicate (in addition to 2002), seeing as it came in via a web server, which runs port 80...

i belive it creates a peer network of infected computers
NOT a P2P network....

see my post in bytes and bits

Yeah, a peer network, like a network of peers, or a network between peers, or a peer to peer network. P2P does not imply file trading or any particular application or use. It's simply a form of communication, like client-server.