this is amazing and could have been very nasty....

Early one Saturday morning last January someone sent 376 bytes of code inside a single data packet to a SQL Server. That packet — which would come to be known as the Slammer worm — infected the server by sneaking in through UDP port 1434. From there it generated a set of random IP addresses and scanned them. When it found a vulnerable host, Slammer infected it, and from its new host invented more random addresses that hungrily scanned for more vulnerable hosts.

Slammer was a nasty bugger. In the first minute of its life, it doubled the number of machines it infected every 8.5 seconds. (Just to put that in perspective, in July 2001 the famous Code Red virus doubled its infections every 37 minutes. Slammer peaked in just three minutes, at which point it was scanning 55 million targets per second.)

Then, Slammer started to decelerate, a victim of its own startling efficiency as it bumped into its own scanning traffic. Still, by the 10-minute mark, 90 per cent of all vulnerable machines on the planet were infected. But when Slammer subsided, talk focused on how much worse it would have been had Slammer hit on a weekday or, worse, carried a destructive payload....

 

Ouch - think I'll use that one next time I'm discussing security and AV with a customer. I did a course a few weeks ago where we spent some time discussing SQL attacks - very scary stuff. Makes you think twice about SQL databases!

Chris