Panda Software Reports on Variants B and C of the Linux/Slapper Worm

Panda Software’s Virus Laboratory has discovered two variants of the Linux/Slapper worm, which the European antivirus developer reported last week. The new worms, called Linux/Slapper.B and Linux/Slapper.C, are very similar to their predecessor, but differ in the UDP port number they use to carry out attacks on affected computers and in the Linux distributions subject to infection.

The three worms exploit a known buffer overflow vulnerability in the OpenSSL component of Apache Web servers installed on certain Linux distributions, such as some versions of Mandrake, SuSE, Slackware, Red Hat, Debian and Gentoo.

Linux/Slapper searches for vulnerable computers over the Internet. On finding them, the worm opens a backdoor in the system through a UDP port, which could lead to a remote distributed denial of service attack. Depending on the worm’s variant, the port used to launch the attack could be 2002 (Linux/Slapper), 1978 (Linux/Slapper.B) or 4156 (Linux/Slapper.C).
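The port numbers above give defenders a quick host-side check. The following is an added example, not part of the original release or of any Panda Software tool: it parses text in the Linux `/proc/net/udp` layout and flags sockets bound to the three ports. The sample table is constructed, the function names are hypothetical, and the address decoding assumes a little-endian host.

```python
import socket
import struct
import sys

# UDP ports named in the article, mapped to the variant that uses each.
SLAPPER_UDP_PORTS = {
    2002: "Linux/Slapper",
    1978: "Linux/Slapper.B",
    4156: "Linux/Slapper.C",
}

# Constructed sample in /proc/net/udp layout (not captured from a real host).
SAMPLE_PROC_NET_UDP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode ref pointer drops
  101: 0100007F:0035 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 11001 2 0000000000000000 0
  212: 00000000:07BA 00000000:0000 07 00000000:00000000 00:00000000 00000000    48        0 22002 2 0000000000000000 0
  345: 00000000:103C 00000000:0000 07 00000000:00000000 00:00000000 00000000    48        0 33003 2 0000000000000000 0
"""


def parse_udp_sockets(text):
    """Yield (ip, port, uid, inode) for each socket row of /proc/net/udp text."""
    for line in text.splitlines()[1:]:           # first line is the column header
        fields = line.split()
        if len(fields) < 10:
            continue                             # skip blank or truncated rows
        addr_hex, port_hex = fields[1].split(":")
        # The kernel prints the IPv4 address as a host-order hex word
        # (little-endian assumed here); the port is plain big-endian hex.
        ip = socket.inet_ntoa(struct.pack("<I", int(addr_hex, 16)))
        yield ip, int(port_hex, 16), int(fields[7]), int(fields[9])


def find_slapper_listeners(text):
    """Return one finding per UDP socket bound to a port the article names."""
    findings = []
    for ip, port, uid, inode in parse_udp_sockets(text):
        variant = SLAPPER_UDP_PORTS.get(port)
        if variant is not None:
            findings.append({"variant": variant, "ip": ip, "port": port,
                             "uid": uid, "inode": inode})
    return findings


if __name__ == "__main__":
    # Pass /proc/net/udp as the argument on a live host; defaults to the sample.
    data = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_PROC_NET_UDP
    for f in find_slapper_listeners(data):
        print("UDP %(ip)s:%(port)d uid=%(uid)d inode=%(inode)d -> possible %(variant)s" % f)
```

A match is only an indicator, since other software can bind the same ports; the reported inode and UID identify which process to inspect next.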

Panda Software has already made the corresponding update for its antivirus available to its clients. This update, which detects and removes the three variants of Linux/Slapper, can be downloaded from http://www.pandasoftware.com. More technical details about these malicious codes are available in Panda Software’s Virus Encyclopedia at:

http://service.pandasoftware.es/library/virusCard.jsp?Virus=Linux/Slapper (Linux/Slapper),
http://service.pandasoftware.es/library/virusCard.jsp?Virus=Linux/Slapper.B (Linux/Slapper.B) and
http://service.pandasoftware.es/library/virusCard.jsp?Virus=Linux/Slapper.C (Linux/Slapper.C).

About Panda Software’s virus laboratory

On receiving a possibly infected file, Panda Software’s technical staff get straight down to work. The file is analyzed and, depending on its type, the action taken may include disassembly, macro scanning, code analysis, etc. If the file does in fact contain a new virus, the disinfection and detection routines are prepared and quickly distributed to users.
