#1 reporte, virus para linux
New Linux Worm - ELF_SLAPPER.A (Low Risk)
------------------------------------------------------------------------
This Linux worm launches a distributed denial of service (DDoS) attack. It uses the User Data Protocol (UDP) to execute the attack, and takes advantage of a buffer overflow vulnerability in OpenSSL 0.9.6d, 0.9.7-beta2 and earlier versions. UDP is a protocol that allows connections even to unstable machines, since it does not require error checking.
Upon execution, it connects to a remote machine using the UDP protocol on a specified port. It allows remote users to execute arbitrary code via a large client master key in SSL2 or a large session ID in SSL3. This exploit appears to determine how this worm attacks a host based on the information returned by the server on itself and its version.
This worm links by providing each machine with a list of available machines. Using a technique called broadcast segmentation combined with TCP-like functionality, this worm ensures that another machine on the network receives the broadcast packet, which it then segments again. Thereafter, it recreates the packet and sends it to other hosts.
This worm attempts to connect to Port 80. Once connected, it sends an invalid GET request to a server to identify whether the machine is an Apache system. Once it finds an Apache system, it attempts to connect to port 443 and sends the exploit code to the listening SSL service on the remote system.
It arrives on the target system as a source code with the filename ".bugtraq.c". It uses a Linux shell code exploit that runs only on Intel systems. In order for the code to execute properly, it requires the presence of the shell command /bin/sh. It recompiles itself on each new system. The binary code generated after compilation is executed with an IP address as a parameter. This IP address is the address of the attacking machine and is used to create a network of worm infected systems, which would launch the distributed denial of service attack.
------------------------------------------------------------------------
This Linux worm launches a distributed denial of service (DDoS) attack. It uses the User Data Protocol (UDP) to execute the attack, and takes advantage of a buffer overflow vulnerability in OpenSSL 0.9.6d, 0.9.7-beta2 and earlier versions. UDP is a protocol that allows connections even to unstable machines, since it does not require error checking.
Upon execution, it connects to a remote machine using the UDP protocol on a specified port. It allows remote users to execute arbitrary code via a large client master key in SSL2 or a large session ID in SSL3. This exploit appears to determine how this worm attacks a host based on the information returned by the server on itself and its version.
This worm links by providing each machine with a list of available machines. Using a technique called broadcast segmentation combined with TCP-like functionality, this worm ensures that another machine on the network receives the broadcast packet, which it then segments again. Thereafter, it recreates the packet and sends it to other hosts.
This worm attempts to connect to Port 80. Once connected, it sends an invalid GET request to a server to identify whether the machine is an Apache system. Once it finds an Apache system, it attempts to connect to port 443 and sends the exploit code to the listening SSL service on the remote system.
It arrives on the target system as a source code with the filename ".bugtraq.c". It uses a Linux shell code exploit that runs only on Intel systems. In order for the code to execute properly, it requires the presence of the shell command /bin/sh. It recompiles itself on each new system. The binary code generated after compilation is executed with an IP address as a parameter. This IP address is the address of the attacking machine and is used to create a network of worm infected systems, which would launch the distributed denial of service attack.
0
