Slammer virus facts
12 December 2003, 10:42 PM
#1
Scooby Regular
Thread Starter
Join Date: Jun 2002
Location: Switzerland
Posts: 643
Likes: 0
Received 0 Likes
on
0 Posts
this is amazing and could have been very nasty....
Early one Saturday morning last January someone sent 376 bytes of code inside a single data packet to a SQL Server. That packet — which would come to be known as the Slammer worm — infected the server by sneaking in through UDP port 1434. From there it generated a set of random IP addresses and scanned them. When it found a vulnerable host, Slammer infected it, and from its new host invented more random addresses that hungrily scanned for more vulnerable hosts.
Slammer was a nasty bugger. In the first minute of its life, it doubled the number of machines it infected every 8.5 seconds. (Just to put that in perspective, in July 2001 the famous Code Red virus doubled its infections every 37 minutes. Slammer peaked in just three minutes, at which point it was scanning 55 million targets per second.)
Then, Slammer started to decelerate, a victim of its own startling efficiency as it bumped into its own scanning traffic. Still, by the 10-minute mark, 90 per cent of all vulnerable machines on the planet were infected. But when Slammer subsided, talk focused on how much worse it would have been had Slammer hit on a weekday or, worse, carried a destructive payload....
Early one Saturday morning last January someone sent 376 bytes of code inside a single data packet to a SQL Server. That packet — which would come to be known as the Slammer worm — infected the server by sneaking in through UDP port 1434. From there it generated a set of random IP addresses and scanned them. When it found a vulnerable host, Slammer infected it, and from its new host invented more random addresses that hungrily scanned for more vulnerable hosts.
Slammer was a nasty bugger. In the first minute of its life, it doubled the number of machines it infected every 8.5 seconds. (Just to put that in perspective, in July 2001 the famous Code Red virus doubled its infections every 37 minutes. Slammer peaked in just three minutes, at which point it was scanning 55 million targets per second.)
Then, Slammer started to decelerate, a victim of its own startling efficiency as it bumped into its own scanning traffic. Still, by the 10-minute mark, 90 per cent of all vulnerable machines on the planet were infected. But when Slammer subsided, talk focused on how much worse it would have been had Slammer hit on a weekday or, worse, carried a destructive payload....
12 December 2003, 10:48 PM
#2
Scooby Regular
Join Date: May 2000
Location: MY00,MY01,RX-8, Alfa 147 & Focus ST :-)
Posts: 10,371
Likes: 0
Received 0 Likes
on
0 Posts
Ouch - think I'll use that one next time I'm discussing security and AV with a customer. I did a course a few weeks ago where we spent some time discussing SQL attacks - very scary stuff. Makes you think twice about SQL databases!
Chris
Chris
Thread
Thread Starter
Forum
Replies
Last Post
