While I agree that there's a certain amount of comeuppance involved in Slapper, I don't think it's entirely accurate to compare Code Red and Slapper aside from the fact that they spread in a similar way. IIS garnered more then 350,000 Code Red infections with less than 25% of the server market, whereas Apache has about 62% of the market and has seen about 10,000 Slapper infections. Big difference there.When the code red worm Apache users were laughting and now they have the similar slapper worm.
The simple fact is that IIS is being disproportionately targeted by attackers, and people will argue about the reason, but the reason is pretty well irrelevant. What matters is that they are succeeding, and that's what you have to look at in choosing a web server.
Reply With Quote