NEWS FROM THE LAB - Thursday, September 13, 2012

Slapper

Posted by Mikko @ 08:52 GMT

Ten years ago, one of the largest Linux worm outbreaks was underway. Known as Slapper, the worm infected Linux machines via an OpenSSL vulnerability. Infected Linux servers were organized into a P2P network which could then be used to launch DDoS attacks.


Although Slapper was not the first Linux worm (at least ADMworm and Ramen were found before it), it was the biggest case of its time. We spent quite a bit of time analyzing the case. In the end, we infiltrated the P2P network and worked with CERTs around the world to bring it down.

Global Slapper Information Center

In 2002, Linux wasn't as popular as it is today. In 2012, most web servers are running on various Linux distributions. Linux versions are the most common OS in embedded and factory automation systems. And of course, it's the most common operating system in smartphones.

Nevertheless, malware was not really a problem for Linux users for years and years.

But in the end, it was Android that became the Linux distribution that brought the malware problem to the Linux world on a large scale.