Slammer time - SQL worm brings net to its knees over weekend

January 27, 2003

[From silicon.com]

A worm that attacks Microsoft's database software spread through the internet over the weekend, causing cash machines to stop issuing money, taking most of South Korea offline, and generally slowing down the internet.

The worm, known as SQL Slammer, takes advantage of a bug that was discovered last July in Microsoft's SQL Server database software. Although a patch has been available since then, many system administrators have failed to install it, leaving their computers vulnerable.

The result: chaos.

Anti-virus firm F-Secure said the effects were so marked because the worm generates massive amounts of network packets, overloading servers and routers and slowing down network traffic.

SQL Slammer's code instructs the Microsoft SQL Server to go into an endless loop, continually sending out data to other computers, in effect performing a denial of service attack, F-Secure said, comparing the slowdown to the impact of the Code Red virus, which brought internet traffic to a halt in the summer of 2001.

The first reported attacks of SQL Slammer were recorded around 05:30 GMT on Saturday morning, and it has subsequently been reported in many countries across the globe, said anti-virus firm MessageLabs. Unlike mass-mailing worms, SQL Slammer does not write files to a computer's hard disk but resides in memory. While this makes it easy to remove - a computer simply has to be rebooted - it also makes it difficult for anti-virus software to detect it, said MessageLabs. And as soon as a rebooted computer is reconnected to the internet, it will be vulnerable to reinfection unless it has first been patched.

The article continues at http://www.silicon.com/public/door?REQUNIQ=1043674601&6004REQEVENT=&REQINT1=57184&REQSTR1=newsnow