 |
March 2 - March 9,2003 |
Patch worth little security
The SQL Slammer worm causes havoc for computers worldwide
By Alessandro Cancian
Originally Published: 2003-02-09
 |
|
The SQL Slammer caused particular trouble in the U.S.
|
A year has passed since Microsoft Chairman Bill Gates sent a company-wide e-mail announcing Microsoft would make boosting security of its software a top priority. That e-mail either never arrived on every employee's computer, or perhaps some never took the time to open and read it.
And so, a few weeks ago a good chunk of the Net was clogged by a worm that attacked a Microsoft product. SQL Slammer, as the devastating critter is called, managed to multiply and cause damage comparable to that of Code Red.
Entire North American, European, and Asian sub-nets found themselves under the attack of a worm capable of turning some tens of thousands of servers into unknowing data spreaders, thus clogging the network, especially between Saturday night and Sunday morning.
SQL Slammer targeted machines running Microsoft SQL Server 2000 or Microsoft Desktop Engine (MSDE) 2000, two programmes that are not found on every PC but are quite frequent on servers or machines managing remote databases. Even though the Service Pack 3, recently released by Microsoft, had secured many servers, all those that had not installed the latest patch had trouble over the weekend.
The operation of SQL Slammer, which immediately attracted the attention of Microsoft Technet, is entirely based on its ability to copy itself and send queries over the networks looking for other servers, which translate into a denial-of-service attack. A task force of CERT, the Emergency Response Centre of the U.S. Government, also tackled this threat.
According to early estimates by U.S. experts, probably the hardest-hit country, in the worst phases about 20 percent of the traffic was lost.
The experts are concerned that the abilities of this worm might be used in the future for creating more dangerous variants, not limited to attacking the connectivity but with more aggressive payloads, such as file erasure and more.
Microsoft placed responsibility on computer users who failed to install a patch that had been available since at least last June. The fact is, not even Microsoft's own network proved immune to the worm, which attacked some of the company servers, compelling the staff to work around-the-clock in order to get rid of the unwelcome guest. "Microsoft was completely hosed (from Slammer). It took them two days to get out from under it," said Bruce Schneier, chief technology officer of Counterpane Internet Security, a network monitoring service provider. "It's as hypocritical as you can get."
Page 1/...Page 2
|
| Home / Back to Top |
|
|
 |
|
|
</ td>
