Apache Worm in the Wild

codewolf writes "It has been reported to bugtraq by Domas Mituzas that a worm that exploits the Apache chunk bug has been found in the wild. Information on the worm can be found here. More information on the Apache bug can be found here, and patches can either be made by modifying your config file or upgrading your Apache version."

And why is this not on the front page?

[|DaBuzz|]

How odd ... a site that caters to those who use open source software are continually bombarded with reports of how IIS is swiss cheese on the front page, yet when critical OPEN SOURCE security issue comes about, it comes out regarding one of the most, if not THE most used open source application in the world, it is a day late and not published on the front page.

It would appear that the posting security advisories on this site are not to HELP admins, but instead to bash those you don't like.

Re:Is this x86 only?

[You'reAFuckingMoron]

I'm not an expert on this type of thing, but it looks like the worm caught in the honey-pot is BSD/x86 only.

It appears to be based on the GOBBLE exploit which was released a few days ago, which was BSD only in the form posted on BugTraq. However, GOBBLES claim their exploit can be modified to work on OpenBSD, FreeBSD, Linux 2.4, and Solaris.

There have also been claims that Win32 Apache is vulnerable, although I haven't seen an exploit on BugTraq. If GOBBLES is correct, then it's only going to be a matter of time before this worm is polished up and set out into the wild in a form that can hit just about everyone. Hell, with some work, maybe a good hacker could clean it up, add it with the Nimda code and hit just about everything under the sun.