Slashdot Mirror

← Back to Stories (view on slashdot.org)

Apache Worm in the Wild

Posted by michael on from the patchy-server dept.

codewolf writes "It has been reported to bugtraq by Domas Mituzas that a worm that exploits the Apache chunk bug has been found in the wild. Information on the worm can be found here. More information on the Apache bug can be found here, and patches can either be made by modifying your config file or upgrading your Apache version."

4 of 85 comments (clear)

  1. Based off of Gobbles proof of concept? by stromthurman · · Score: 2, Insightful

    GOBBLES submitted a proof of concept apache exploit for BSD variants on the BugTraq mailing list. Based on this string found in the chunk overflow request: BLE*h*GOB I would argue that this code was very sloppy indeed. Probably stolen mostly from Gobbles with a worm wrapper thrown around it.

    --
    I have discovered a truly remarkable sig which this margin is too small to contain.
  2. Re:isn't this big news? by edhall · · Score: 3, Insightful

    (Time to blow some karma.)

    Because it isn't IIS.

    I don't use Microsoft products. I use Apache, at work and at home, on Linux and FreeBSD. But I also recognize hypocrisy when I see it. This is the Code Red of the Apache world. So far as "News for Nerds. Stuff that matters" it's more significant than 95% of what appears on the front page.

    CT and the Slashdot crew should hang their heads in shame.

    -Ed
  3. Re:isn't this big news? by |DaBuzz| · · Score: 3, Insightful

    If you notice, you'll see that they posted the "Gamespy Installer Spreads Nimda" story on the front page, yet not this.

    Yeah, and it appears that a Windows Media EULA "revelation" regarding a change (that has been in effect for a while from what I understand) is also front page news.

    So in slashdot's opinion, more "Nerds" are interested in the EULA of an app they probably don't even use than a major security issue with the web server the vast majority of them do use.

    The thing is, anti-MS posts generate more comments, i.e. ad views which equals $$$, while the truth about rampant open source vulnerabilities (in all OS's and major services) only hurt this site overall since when it's proven that open source is just as bad as proprietary software in this regard, all the slashdot rank and file will stop drinking the koolaid.

  4. Quit bitching by Reality+Master+201 · · Score: 2, Insightful

    If you can't take the anti-M$ slant, stay out of the Slashdot. It has long ago ceased to be either interesting or insightful to remark that the posters and editors of Slashdot apply a double standard when publicising security flaws, etc. Everyone knows this.
    As a note to moderators: this is not insightful. The first time someone has an idea, that is insightful. The millionth time is redundant.