The Slapper Worm
Unknown to some, Linux is one of the most reliable operating systems on the market. This platform is built with numerous security features, making the threat of malware insignificant to many users. Even though Linux hasn't been as prone to infection as Windows, the system has seen its share of worms and viruses.
Staog was the first virus written for Linux, trailed a few years later by Bliss. While they raised a bit of concern in the industry, these two infections were far from devastating and were quickly resolved with patches and user intervention. Worm infections, on the other hand, posed a significant threat to personal users and network administrators alike. One of the most notorious of these was the Slapper worm.
The Dangers of the Slapper Worm
The Slapper worm was first discovered in September 2002 on Friday the 13th. It employed a source-code propagation method used in the infamous Morris Worm, the first computer infection to be labeled as a "blended threat." This program spread so quickly that it infected thousands of servers throughout the world within a matter of days. The Slapper worm took advantage of vulnerabilities in older versions of Apache web servers using a peer-to-peer protocol.
Aside from propagating to other machines, the worm has the ability to act as a backdoor on the host computer. This enables a potential intruder to run system commands and launch multiple attacks against other computers, practically giving them complete control of the system. Once created, the backdoor accepts a large number of commands, which may include flooding remote systems with various network packets, downloading a binary from a remote system and executing it, sending emails, and reporting data on the compromised machine.
Patching Linux Security
Over the weekend of September 13th, F-Secure's anti-virus lab found a way to reverse engineer the protocol the Slapper worm used to exploit the Linux system. This allowed F-Secure to access the Slapper attack network by posing as an infected Apache server. The false server gave them the ability to determine the exact number of infected computers, along with their IP addresses.
F-Secure worked in conjunction with 14 CERT organizations in the process of warning administrators about their infected servers. This approach was received well by many companies, enabling the industry to rebound quickly and contain the worm.
The Slapper worm that once posed a significant threat to the Linux operating system has since been neutralized by specialists at F-Secure. In what is said to be the first move of this kind by any anti-virus company, F-Secure successfully located the root of the problem and warned the industry in just enough time. The company followed up their efforts by offering a free version of their anti-virus software so that Linux users could remove the infection from their systems.
Linux remains one of the safest systems on the market. However, the Slapper worm shows that this reliable system can indeed be infected by malicious software. While not recommended by all, a Linux system can achieve a greater level of security with anti-virus software.