After tying up email and online business for nearly three days, the attack
of the Slammer worm seems to be over.
“It’s over now. I really hope so,” says Mikko Hypponen, manager of
anti-virus research in F-Secure’s Helsinki, Finland office. “The worst
didn’t happen on Monday. I was a little bit worried about it. The peak in
the U.S. was much, much smaller than it was on Monday in Europe. It was
surprisingly worse in Europe.”
Security analysts from around the globe had worried that the opening of the
business week yesterday would bring on a new wave of the worm that had
slowed or halted Internet traffic throughout Asia, Europe and North America
over the weekend.
The Slammer worm, which takes advantage of a known
vulnerability in Microsoft Corp.’s SQL 2000 Web servers, disrupted business,
Web browsing, ATM banking and even some telephone service.
The worm, which still garnered F-Secure’s second-highest security alert,
spiked Internet traffic when business started in Europe yesterday and then
again when business commenced in the United States.
While Slammer doesn’t
damage the infected machine or delete or change files, it generates massive
amounts of network packets, overloading servers and routers, slowing down
network traffic — sometimes bringing it to a complete stop under the weight
of the attack.
Security analysts say they are not expecting any further spikes caused by
the Slammer worm. Various governments, which reportedly include the U.S. and
South Korea, are now tracking down whoever released the worm into the wild.
Initial investigations are pointing to the worm originating in China.
The Blame Game
And now that the Slammer, also known as Sapphire, is under control, analysts
and corporate IT managers are laying blame and trying to figure out how the
worm could cause such global disruption.
Slammer’s rampage was completely dependent on a known vulnerability going
unpatched. Microsoft released a patch for the problem last summer, but
obviously many network administrators did not install it, leaving an opening
for the attack to spread far and fast around the world.
Analysts also point out that many home users are running SQL on their
machines and don’t even realize it. The software often comes bundled in
third-party software packages, including games. If users don’t know it’s
there, they’re obviously not going to install needed patches for it.
But the bulk of the problem came from unpatched corporate networks. And
today talk is about who is at fault. Were network administrators negligent
or were they too overworked and understaffed to be able to manage the
situation properly? Are administrators not properly trained to distinguish
serious flaws out of the thousands of vulnerabilities that are discovered
every year? Is Microsoft to blame for releasing a patch too complicated to
install efficiently?
Security analysts say the answer lies in a combination of all of the above.
“Administrators are inundated with vulnerabilities and patches,” says Dan
Woolley, a vice president at Reston, Va.-based SilentRunner, Inc., a network
security company. “There are so many patches coming out on any given
system…you have to prioritize them. You can’t install them all. How do
you know what you’re supposed to do?”
And Woolley says the recent spate of layoffs and budget cuts is only adding
to the problem.
“If you don’t have as many people on staff, you have an increased number of
threats, and there are more and more patches coming out, you’re in a box,”
adds Woolley. “You put that all together and you have a very, very dangerous
environment. It all adds up to catch yah.”
A study of 200 business PC users, conducted yesterday by Sophos Anti-Virus,
shows that system administrators blame each other for the spread of the
Internet worm.
The poll shows that 64% say that system administrators who failed to install
the latest security patches are the most at fault. Another 24% blame
Microsoft for shipping buggy software.
Patch Flood
F-Secure’s Hypponen says Microsoft should share the blame with
administrators.
“Yes, Microsoft did do the responsible thing back in July when it announced
the hole and made the patch available,” he says. “The initial reaction is
that it’s all about lazy administrators. But it’s not that simple to install
Microsoft’s patch. It’s one of the most difficult patches to install. Many
administrators probably tried installing it and gave up or didn’t install it
right.”
Hypponen notes that this past Sunday, Microsoft shipped a new, simpler
version of the patch because of complaints from the admin community.
But MJ Shoer, president of Jenaly Technology Group, Inc., a Portsmouth,
N.H.-based outsourced IT firm, says the problem lies with the overwhelming
number of vulnerabilities and corresponding patches that are continually
flooding the industry.
“It’s the age-old battle,” says Shoer, who notes that deciding which
patches to install is like an educated crapshoot. “Patches come out so
frequently, it’s like the boy who cried wolf… If you installed them all,
it would consume the day. You have to evaluate the patches that come out and
see what makes sense to apply right away and what makes sense to keep an eye
on.”