The Growth of the SQL Slammer Virus


The Growth and Management of the SQL Slammer


Introduction to a virus that changed the way that computers work

The SQL Slammer was created in 2003 and is primarily known for denying service to some internet hosts during its heyday. In some instances it led to a dramatic slowdown of the internet. The outbreak was identified as starting at 05.30 UTC on the 25th of January 2003. There were 75,000 victims who were targeted in just 10 minutes. Christopher Rouland named it after Michael Bacarella brought it to the attention of the general public. Despite its title, this program did not use the SQL language. Instead it exploited a buffer overflow bug in Microsoft's SQL Server and Desktop Engine database products. A patch for this bug had been released half a year earlier in MS02-039. The names that were associated with the worm included W32.SQLExp.Worm and DDOS.SQLP1432.A. It was also known as the Sapphire worm.

Specifications for the malware

When assessing the impact of the SQL Slammer virus, websites such as the Internet Storm Center were useful for monitoring traffic patterns. They reported a significant reduction in traffic speed within the affected domains. Some people claimed that the impact was similar to what was experienced when Code Red was in full operation during the summer of 2001. The Yonhap news agency in South Korea reported that internet services had been shut down for significant periods of time. Although the outbreak occurred over the weekend, people were still affected by the lack of access to basic online resources. Reports then spread to Europe and North America.

Spreading technical problems for computer users

According to antivirus software maker Symantec, 22,000 systems were affected. For example, the Microsoft SQL Server Desktop Engine (MSDE) was affected. The number of infected systems constantly increased. Many users were not even aware that they had been affected until things continued to deteriorate. Where a computer was running MSDE, its connection to the internet exposed it to the worm, which would then go on to cause havoc. Within 8.5 seconds the impact of the virus could actually double. This meant nearly endemic levels of bad service delivery. Within 10 minutes, 90% of all vulnerable machines were effectively infected.

The dimensions of the SQL Slammer malware package

David Litchfield was responsible for discovering the buffer overflow vulnerability. This was discussed at the Black Hat briefings. The relatively small piece of code was able to generate random IP addresses. Packets sent to these addresses would then land on actual computers and begin the infection. A system would be especially vulnerable if it ran an unpatched copy of the MSSRS.
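
Random-address scanning of the kind described above leaves a clear trace in flow logs: one source contacting a large number of distinct hosts on a single port within seconds. The following detection sketch is an added example, not code from the original article. The flow records are constructed, the window and threshold are assumed values, and UDP port 1434 (the SQL Server Resolution Service port) is used for the sample traffic.

```python
from collections import defaultdict, deque
from ipaddress import ip_address

WINDOW_S = 5.0          # assumed sliding window, in seconds
MIN_DISTINCT_DSTS = 50  # assumed alert threshold; tune to your network

def sample_flows():
    """Constructed flow records: (ts, src, dst, proto, dst_port)."""
    flows, x = [], 2003
    for i in range(200):  # one host spraying pseudo-random destinations
        x = (x * 1103515245 + 12345) % 2**32  # full-period LCG: no repeats
        flows.append((i * 0.01, "10.0.0.5", str(ip_address(x)), "udp", 1434))
    for i in range(30):   # legitimate client talking to one database server
        flows.append((float(i), "10.0.0.8", "10.0.0.20", "udp", 1434))
    for i, dns in enumerate(["10.0.0.2", "10.0.0.3", "10.0.0.4"] * 5):
        flows.append((i * 2.0, "10.0.0.9", dns, "udp", 53))
    return flows

def find_scanners(flows, window=WINDOW_S, min_dsts=MIN_DISTINCT_DSTS):
    """Map (src, proto, dst_port) -> peak number of distinct destinations
    seen in any window, for sources that reach min_dsts."""
    recent = defaultdict(deque)  # per-key queue of (ts, dst) inside the window
    peaks = {}
    for ts, src, dst, proto, dport in sorted(flows):
        key = (src, proto, dport)
        q = recent[key]
        q.append((ts, dst))
        while ts - q[0][0] > window:  # drop records older than the window
            q.popleft()
        distinct = len({d for _, d in q})
        if distinct >= min_dsts:
            peaks[key] = max(peaks.get(key, 0), distinct)
    return peaks

if __name__ == "__main__":
    for (src, proto, dport), n in find_scanners(sample_flows()).items():
        print(f"{src} contacted {n} distinct hosts on {proto}/{dport} "
              f"within {WINDOW_S}s")
```

Only the spraying host is flagged; the client that repeatedly queries one database server on the same port stays below the threshold because the check counts distinct destinations, not packets.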

 
