Title :
An analysis of the Slapper worm
Author :
Arce, Irwin ; Levy, Erez
Author_Institution :
Core Security Technol., Boston, MA, USA
Abstract :
We can prove that the Slapper is a variation of the Apache Scalper worm by comparing the source code. Modifications introduced in the Slapper worm improved the robustness and efficiency of its predecessor's simplistic P2P networking capabilities. Slapper's author also removed certain features from the original, either because they were redundant or to reduce the perception that it was a tool developed to cause direct harm to networks. Among the features the author removed from the Slapper were capabilities to update itself from a remotely specified Web server (perhaps to prevent someone else from replacing this version with a new one), to attack and infect a host specified with a controlling program, and to send spam. Interestingly, the ability to execute distributed denial-of-service attacks on a controlling user's behalf was kept intact. Slapper's author attempted to make communications with a remote controlling program as stealthy and untraceable as possible by removing several commands to query status and obtain feedback from Slapper nodes.
Keywords :
computer viruses; OpenSSL vulnerability; P2P networking capabilities; Slapper worm; distributed denial-of-service attacks; message broadcasting; message routing; node synchronization; reliable message delivery; Computer networks; Computer security; Computer worms; IP networks; Information security; Internet; Network servers; Peer to peer computing; Radio access networks; Web server;
Journal_Title :
Security & Privacy, IEEE
DOI :
10.1109/MSECP.2003.1177002