The Slapper worm, which draws infected machines into a network that can be used to attack other computers, has mutated into two new forms, and is proving surprisingly difficult to kill off, according to antivirus companies.
Several virus vendors reported variants of the original Slapper.worm.A, called Slapper.worm.B, or "Cinik", and Slapper.worm.C, or "Unlock", appearing this week. The variants have slight differences to the original worm, but all use basically the same method of propagation.
The worm exploits a flaw in the open-source security component used with many Linux-based Apache Web servers. Known as the secure sockets layer (SSL), the component is commonly used by e-commerce sites to secure transactions between the customer's computer and the company's server. Slapper attacks Apache SSL servers running on Red Hat, SuSE, Mandrake, Slackware and Debian Linux. Antivirus firm F-Secure, based in Helsinki, estimates that there are more than one million Apache servers running SSL, many of which have not been patched.
The worm's threat appeared to level off and decline last week, after it had infected only around 15,000 machines -- far short of more disastrous worms such as Code Red, which hit 400,000 computers. But it is still creating a nuisance in more than 100 countries, according to F-Secure, with more than 120 businesses in Australia alone infected by Slapper.worm.B.
News source: ZDNet