virus
virus

Arrest for Slapper author

But a new variant is already out there

James Middleton

A suspect has been arrested on suspicion of authoring the Slapper worm.

But although the threat of the worm seems to have been shortlived, a new variant is already set to take up where its predecessor left off.

Advertisement

David Morgan, senior consultant for Internet Security Systems (ISS), revealed the news of the arrest.

"Slapper mailed the addresses of infected machines back to an email address in the Ukraine," he said. "This email was checked from a traceable location and, as a result, a 21-year-old male has been arrested by the authorities."

Meanwhile, the Internet Storm Centre (ISC), run by the Sans Institute, has declared the internet back on green alert or situation normal after the worm, which preyed on vulnerable Apache web servers throughout last week, appeared to be dying out.

With around 6,000 machines infected, the ISC last week declared a yellow alert. But Slapper's threat petered out before the worm hit anything like Code Red or Nimda proportions, which affected 400,000 and 86,000 servers respectively.

Although the ISC's 'most attacked ports' chart no longer features Slapper in its Top 10 a variant, Slapper.B, has been spotted in the wild.

Slapper.B has several subtle differences, but is for the most part an updated version of its predecessor.

Both worms attempt to exploit a known vulnerability in the Secure Sockets Layer 2.0 (SSLv2) handshake process. The two variants also carry the same payload, a password-protected backdoor and denial of service (DoS) capabilities.

ISS's Morgan said that with the new variant on the loose his company had calculated that about 10,000 servers were probably now infected, and that the network was probably going to be used for DoS attacks. He added that it was unlikely the original author created the second worm.

"It was significant that source code for the original Slapper was distributed within the computer underground immediately after the worm was detected in the wild," he said.

"The code has probably been borrowed," he added

Some security watchers have suggested that the original worm was built on the blueprint for a concept attack known as peer-to-peer UDP Distributed DoS (PUD).

Morgan said that this was possible, since the code would make a good blueprint for new variants and could be tweaked to attack other operating systems.

  • Have your say
  • Send to a friend
  • Print
  • Digg
  • Reddit
  • Share

Tags:

Do you agree?

Further reading

Third slapper worm hits the street

Hackers eye virus as base for development

Slapper worm spreads its disease

Internet on yellow alert

Related whitepapers

Related jobs

Most watched

iPhone

Video Review: iPhone 3GS

We put Apple's latest iPhone through its paces

Xperia X1

Video Review: Sony Ericsson Xperia X1

First Looks Editor Ian Williams gets hands on with the Sony Ericsson Xperia X1

IT white papers

Search white papers

Top categories

Poll

Poll: Summer smartphones

Poll: Summer smartphones

Which smartphone will you be taking to the beach this summer?

View poll results

Advertisement

Advertisement

Newsletter signup

Sign up for our range of FREE newsletters:

Existing User

Newsletter user login:

Enter email address to edit your newsletter preferences

Job of the week

Search thousands of IT jobs :

Search thousands of IT jobs:

Advanced search

Hiring now on ComputingCareers:

Related IT jobs

Search thousands of IT jobs :

Search thousands of IT jobs:

Advanced search

Spotlight

Google Chrome

Microsoft has no need to worry about Chrome OS

Redmond may actually welcome the new arrival

Dr Aladdin Ayesh

Is it time for the Turing Test to retire?

It is nearly 60 years since Alan Turing devised a...

Security double standards

Broadband provider Tiscali has launched new figures showing an alarming...

Beach

Top 10 holiday gadgets

A wry look at the must-have beach items for any...

Primary Navigation