by Geoffrey James

Worm Attack Wiggles into Linux Servers

Jan 01, 20032 mins
IT Strategy

Just when you thought Linux was safe, there comes along a well-documented threat that demonstrates the OS’s vulnerability.

In September, the program Linux.Slapper.Worm spread itself through some 10,000 servers running the Apache Web server software. Though it was not considered a serious threat (the virus rated a 2 out of 5 on Symantec’s severity scale), the worm installed backdoors, set up peer-to-peer networks between hundreds of infected systems and launched countless denial-of-service attacks.

This incident wasn’t the first virus to hit Linux, and it certainly won’t be the last. “As the installed base of Linux grows, we expect to see more such incidents,” says Kevin Haley, group product manager at antivirus software maker Symantec in Cupertino, Calif. And because the Linux community has reached a critical mass of millions, Linux.Slapper.Worm spells Linux’s coming of age as a security target. IDC analyst Dan Kusnetzky says that of the 5.7 million server OS licenses sold in 2001, about one in four (26 percent) were Linux. Forty-nine percent were for Windows, and another 12 percent were for Unix, he says. (IDC and CIO’s publisher have the same parent company.) IDC estimates that every paid Linux license spawns between 12 and 15 replicas. That’s a tempting target for virus writers, Haley says. “As the installed base grows, we expect to see more incidents,” he warns.

But don’t panic. Linux viruses, which now make up about 1 percent of the Sophos antivirus library, probably won’t become commonplace, says Jack Cooper, the former CIO of drug company Bristol-Myers Squibb who founded JM Cooper & Associates, a supply chain and ERP consultancy. “Linux is built around the Unix security model, which is a relatively uninhabitable place for viruses,” he says. Linux and its accompanying Apache Web server “have been exposed, attacked and patched for a much longer time than comparable Microsoft products,” he says.

The Linux community “bands together to fix the problem” when one gets identified, adds Kusnetzky. That’s comforting. But don’t expect a panacea. “As soon as you say you don’t have a problem, somebody will try to prove you wrong,” Symantec’s Haley says. “Never underestimate the determination of a rogue programmer.”