Security experts seem concerned about a worm that has been released. There are claims that the worm is able to exploit unpatched versions of Apache (the Internet’s most popular webserver software) on any operating system. Origianlly, the analysis implied that the exploit was only for Windows installations, but a version has been infecting FreeBSD systems loaded with Apache over the past few days.
Most experts seem to agree that the worm, which has yet to be named by security analysts, is creating a flood net, or a group of compromised computers to be used in a distributed denial of service attack, but Marc Maiffret (chief hacking officer for eEye Digital Security) adds that it’s possible that this worm could be up to something more sinister.
Of course, Apache released a patch several days ago, which can be found here along with the full advisory text. So, once again, the moral of the story is that running a public server or network isn’t an idle task. If you haven’t yet, patch up your copy of Apache ASAP.
[Source: C|Net News]