If you own a computer (and if you don’t, I am impressed that you are reading this), you have probably heard about the computer worm that attacked the Internet over the weekend:
- A resilient 2-day-old computer worm continued to hobble the Internet Monday, infesting computer networks in Europe, Asia and America and stoking fears it will slow data transmissions for a few more days.
Despite efforts over the weekend by companies around the world to patch their networks and stop the “SQL Slammer” worm in its tracks, the infestation continued in many regions, though below peak levels seen during Saturday’s outbreak.
“It would be very optimistic to think we could eradicate this 100 percent from the Internet,” said Graham Cluley, senior technical consultant at Britain’s Sophos Anti-Virus. “In isolated pockets, this will continue for days.”
Internet slow-downs were more scattered Monday, but firms continued to report problems as they scrambled to install fortifications against future intrusions.
South Korea, the world’s most wired country, was hit hardest by the worm. Monday it impacted stock trading as investors shied away from placing orders over the Internet, sending volumes to a 13-month low.
….The malicious code exploits a weakness in Microsoft Corp’s Windows 2000 SQL server database software, although it does not delete or otherwise touch data. It has crashed servers and congested traffic on the global network. [Reuters]
Computer security firm mi2g provides some interesting analysis of the situation:
- The distributed structure of the Internet is proving again to be sufficiently resilient to face a sustained assault from a rapidly replicating single worm that clogs bandwidth and other collateral damage, as demonstrated by Code Red, Sircam, Nimda, Bugbear and now Slammer, which carried no malicious payload. However, other strains targeting different vulnerabilities simultaneously on the desktop as well as the front, middle and back end of online servers could have a longer and more detrimental impact through business interruption on financial services, trading, transport, manufacturing and distribution.
….Despite the SQL server vulnerability patch being available since July last year, many organizations did not apply the patch partly due to a low level of awareness or priority. In many instances, server patches and service packs can cause various applications to cease functioning despite taking precautions. The sequence followed in applying patches iteratively is very significant. Before and after applying a patch or a service pack on Microsoft products, most administrators are used to rebooting their systems. All this means that applying patches is a non-trivial and increasingly expert task. As a result there is a delay when it comes to applying patches for known vulnerabilities. The vendor assumption that patches will be applied by customers is proving to be flawed in the light of events like Slammer. The alternative regime of automated patching can also prove to be inadequate for legacy IT systems running older application versions, which can sometimes start to malfunction after the application of a new patch.