
Linux worm proves no one is safe

By Alastair Otter, Journalist, Tectonic
Johannesburg, 19 Sept 2002

It has been a long time coming, but this week's Apache Linux worm, Slapper.Linux.Worm, proves that it is as possible for an "open source" worm as a Windows worm to mount a large(ish) attack on the growing number of Linux machines now in use. As such, it could well go down in the history books as the first of a wave of open source worms.

Now that the methodology is proved to work, expect many more.

Alastair Otter, Journalist, ITWeb

There have been Linux viruses in the past, the most recent of which was the Lion worm, but as a whole worms and viruses have been something that Linux and open source users have needed to pay little attention to. So much so that the Linux operating system is widely used to protect against viruses, particularly in the growing Internet appliance market.

The Slapper worm may not have brought down the Fortune 500 companies overnight and it may not have crippled home and office users alike, but it does prove that large-scale Linux attacks are possible.

Or perhaps not. What Linux does have in its favour is the almost chaotic development and use patterns of its user base. Linux still has a long way to go before every user is using the same mail client on the same with the same access privileges. Until that time, there is no quick and obvious way into a Linux desktop.

Instead, Linux worm writers will have to look for another route into Linux boxes, most likely through known bugs and flaws in widely used applications, which means the writer needs more than a passing knowledge of the system.

Slapper proves that this is possible. The worm forces Linux boxes running the Apache Web server to return an error message by sending them an incomplete command. When the server replies, it identifies itself, by default, with its name and version. Using this information, the worm then exploits a known hole in the OpenSSL tool.

Of course, users who upgraded OpenSSL in early August when this was first announced were unaffected. Also, those users who set up Apache properly would probably not have identified themselves to the worm.
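To check what a server gives away in the error reply described above, the following added example (not part of the original article) parses a raw HTTP response and lists every component version disclosed in the Server header or the error-page footer. The two sample responses, their version strings and the host name are constructed; the hardened sample assumes a banner reduced to the bare product name, which is what Apache's `ServerTokens Prod` and `ServerSignature Off` settings produce.

```python
import re

# "name/version" product tokens, e.g. Apache/1.3.26 or OpenSSL/0.9.6d
PRODUCT = re.compile(r"([A-Za-z][\w.\-]*)/(\d[\w.\-]*)")
# Footer that Apache appends to generated error pages when ServerSignature is on
SIGNATURE = re.compile(r"<address>(.*?)</address>", re.I | re.S)

def split_response(raw):
    """Split a raw HTTP response into (headers dict, body text)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    headers = {}
    for line in head.decode("iso-8859-1").split("\r\n")[1:]:  # skip status line
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers, body.decode("iso-8859-1")

def disclosed_versions(raw):
    """Return {component: version} leaked by the Server header or error footer."""
    headers, body = split_response(raw)
    text = headers.get("server", "")
    footer = SIGNATURE.search(body)
    if footer:
        text += " " + footer.group(1)
    return dict(PRODUCT.findall(text))

# Constructed sample responses (not captured traffic; versions are illustrative).
DEFAULT_BANNER = (
    b"HTTP/1.1 400 Bad Request\r\n"
    b"Server: Apache/1.3.26 (Unix) mod_ssl/2.8.10 OpenSSL/0.9.6d\r\n"
    b"Content-Type: text/html\r\n\r\n"
    b"<h1>Bad Request</h1>"
    b"<address>Apache/1.3.26 Server at www.example.com Port 80</address>"
)
HARDENED_BANNER = (
    b"HTTP/1.1 400 Bad Request\r\n"
    b"Server: Apache\r\n"
    b"Content-Type: text/html\r\n\r\n"
    b"<h1>Bad Request</h1>"
)

if __name__ == "__main__":
    for label, raw in (("default", DEFAULT_BANNER), ("hardened", HARDENED_BANNER)):
        leaks = disclosed_versions(raw)
        print(label, "->", leaks if leaks else "no version disclosed")
```

An empty result means the reply names no versions; it says nothing about whether the software behind it is patched, so upgrading OpenSSL remains the actual fix.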

The good news is that the worm's impact was relatively small in comparison with those that plague the Windows platform. The bad news is that it is time for open source users to realise that nothing is secure. As Linux usage grows, so do the skills that go with it and it can't be far off that a worm like Nimda starts bringing down open source servers around the world.

Now that the methodology for attacking Linux machines has been proven to work, we can expect a whole host of new worms based on the same premise and perhaps much of the same code.
