"Mighty" may be the fifth variant of Slapper to hit the Internet since the original worm was released last week. However, because of the different naming conventions used by security companies, the worm may be too similar to another version, Slapper.D, to be considered a variant. Slapper.D, also known as "DevNull," appeared on the Internet on Monday, according to security software firm Symantec. While the original Slapper worm and previous variants all created a homegrown peer-to-peer network to communicate among themselves, DevNull used a well-known hacking tool -- called "Kaiten" -- to let the compromised servers talk with their creator via a channel on Internet chat, said Elias Levy, security architect for Symantec. Levy expects more variants, but he believes that the tactic of using the SSL (secure sockets layer) vulnerability to bypass security is past its prime. "The number of infected systems has been reduced," Levy said. "Different antivirus vendors have been e-mailing the people in charge of those (infected) machines." In some cases, Levy said, gray hat hackers in the underground have used the peer-to-peer network against itself, sending commands from one compromised server across the homegrown network to shut down other, infected computers. Other variants of the Slapper code merely changed the port--a software address that computers use to talk to each other over the Internet--that the worm used as the communications channel for the peer-to-peer network. Slapper itself is a Linux variant of another worm, Scalper.c, which didn't get far because it only targets OpenBSD systems, a far smaller pool of computers. In any event, Scalper is on the way out, said Roger Thompson, director of malicious-code research at security service provider TruSecure. "We know that most people, but not everybody, are going to patch their systems," Thompson said. A few, old machines that aren't well administered will keep the worm alive for some time, but it shouldn't infect many more computers. "I think that the Slapper things are just going to become background noise," Thompson said.
For all security-related news, including updates on the latest viruses, hacking exploits and patches, check out ZDNet UK's Security News Section.
Have your say instantly, and see what others have said. Go to the Security forum.
Let the editors know what you think in the Mailroom.
