Today on Blogcritics

Weekend Slammer

If you own a computer (and if you don’t, I am impressed that you are reading this), you have probably heard about the computer worm that attacked the Internet over the weekend:

    A resilient 2-day-old computer worm continued to hobble the Internet Monday, infesting computer networks in Europe, Asia and America and stoking fears it will slow data transmissions for a few more days.

    Despite efforts over the weekend by companies around the world to patch their networks and stop the “SQL Slammer” worm in its tracks, the infestation continued in many regions, though below peak levels seen during Saturday’s outbreak.

    “It would be very optimistic to think we could eradicate this 100 percent from the Internet,” said Graham Cluley, senior technical consultant at Britain’s Sophos Anti-Virus. “In isolated pockets, this will continue for days.”

    Internet slow-downs were more scattered Monday, but firms continued to report problems as they scrambled to install fortifications against future intrusions.

    South Korea, the world’s most wired country, was hit hardest by the worm. Monday it impacted stock trading as investors shied away from placing orders over the Internet, sending volumes to a 13-month low.

    ….The malicious code exploits a weakness in Microsoft Corp’s Windows 2000 SQL server database software, although it does not delete or otherwise touch data. It has crashed servers and congested traffic on the global network. [Reuters]

Computer security firm mi2g provides some interesting analysis of the situation:

    The distributed structure of the Internet is proving again to be sufficiently resilient to face a sustained assault from a rapidly replicating single worm that clogs bandwidth and other collateral damage, as demonstrated by Code Red, Sircam, Nimda, Bugbear and now Slammer, which carried no malicious payload. However, other strains targeting different vulnerabilities simultaneously on the desktop as well as the front, middle and back end of online servers could have a longer and more detrimental impact through business interruption on financial services, trading, transport, manufacturing and distribution.

    ….Despite the SQL server vulnerability patch being available since July last year, many organizations did not apply the patch partly due to a low level of awareness or priority. In many instances, server patches and service packs can cause various applications to cease functioning despite taking precautions. The sequence followed in applying patches iteratively is very significant. Before and after applying a patch or a service pack on Microsoft products, most administrators are used to rebooting their systems. All this means that applying patches is a non-trivial and increasingly expert task. As a result there is a delay when it comes to applying patches for known vulnerabilities. The vendor assumption that patches will be applied by customers is proving to be flawed in the light of events like Slammer. The alternative regime of automated patching can also prove to be inadequate for legacy IT systems running older application versions, which can sometimes start to malfunction after the application of a new patch.

About Eric Olsen

  • http://www.corante.com/mooreslore/20030101.shtml#19477 Dana Blankenhorn

    True “Hacking” Lives

    Back in the day (as the kids say today) a “good hack” was a tiny program that executed very quickly and did something very big. The word was powerful because computers weren’t, so efficiency was a necessity.

    Computer criminals wound up purloining the term in the 1990s, much to the dismay of their elders, so that the word “hacking” now generally means someone breaking into someone else’s box, either to steal from it or deface it.

    Well, the nasty worm that disabled Microsoft SQL databases (and some ATM nets) last weekend combined the two definitions. The worm, dubbed “Sapphire,” was just 376 bytes. This meant it was small enough to come in a single packet on a packet network.

    If you don’t want to be bothered by this nasty hack, get the Microsoft patch, make sure it works, then enjoy the irony. Then tremble a bit, because once a trick is learnt, it don’t get unlearnt.