Computer Worm Slows Worldwide Traffic

A worm that attacks the Microsoft SQL Server 2000-based web servers virtually halts traffic in some parts of the world. But security experts have known about it since July.
Posted January 26, 2003
By

Bob Liu


A worm that computer security officials have known about since last summer virtually halted Internet traffic over the weekend in some parts of the world.

The worm, reportedly called "Sapphire" or "Slammer," affected servers through a well-publicized vulnerability in Microsoft SQL Server 2000. Once it attaches to a server it transmits multiple data requests in a random manner to other addresses on the Internet looking for more vulnerable servers to infect. Because of the self-replicating nature, it quickly spread. MSNBC reported that as many as 25,000 servers were affected. Reuters reported the worm crashed almost all Internet services in South Korea and slowed systems in Japan, Europe and the United States. Overall, five of the 13 root nameservers for the Internet were disabled, according to Slashdot.

But last July's original security advisory about the vulnerability certainly wasn't the first time SQL users were told to patch their systems. Nor was it the only time. Yet system administrators were still left scrambling over the weekend to recover from the latest fiasco.

"People need to do a better job about fixing vulnerabilities," Howard Schmidt, President Bush's No. 2 cyber-security adviser, told the Associated Press.

Worse yet, the worm was remarkably similar to the Code Red worm, which in July 2001 again plagued Microsoft users that relied on its now notorious Internet Information Services (IIS) web server.

CERT issued an advisory on Saturday. The patch has been available here from the Microsoft TechNet site for some time now.






0 Comments (click to add your comment)
Comment and Contribute

 


(Maximum characters: 1200). You have characters left.