Slammer Worm – Worst Virus in Over a Year

January, 2003

On Saturday, Jan 25th, a new computer worm rocketed around the world, disrupting hundreds of thousands of systems and slowing Internet traffic to a crawl. The latest virus, called the Slammer or Sapphire worm, transmitted thousands of packets (large bundled amounts of information) from infected systems, taking advantage of a known software flaw in Microsoft SQL Server.

On Monday, Jan 27th, Bank of America announced that many customers were unable to withdraw money from its 13,000 ATM machines because of technical problems caused by the Slammer worm. Service was fully restored within 48 hours. The nation’s largest residential mortgage firm, Countrywide Financial Corp., stated that customers were unable to make payments or check loan information through Tuesday morning. American Express also reported that customers experienced outages.

The worm sought out vulnerable computers using Microsoft’s SQL Server 2000 software. Like the earlier Code Red worm, which spread in July 2001, the Slammer is a memory-resident worm and does not write to disk storage. Also as with Code Red, computers can be protected from the worm by installing a patch provided by Microsoft. Microsoft detected the flaw in July 2002 and soon afterward began offering a free patch to protect systems running SQL Server.

In an ironic twist, the New York Times reported that Microsoft admitted that some of the company’s machines had gone unpatched and that its MSN Internet service also had significant slowdowns due to the Slammer worm.

The FBI and security experts believe the worm originated in China, as many Asian countries were the earliest to report problems and experienced the most severe outages. The attacking software scanned for victim computers so randomly and aggressively that it quickly congested many of the Internet’s largest data pipelines, slowing email and web surfing around the globe.

As of Jan 30th, security experts report that the congestion from the Internet attack has almost completely cleared. Now the job of investigating its source is in full swing. However, the attack spread so quickly and used such small packets that it may be impossible for researchers to isolate the actual point of origin.

Even though the Slammer was not designed to infect data or to damage system software or applications resident on desktops and servers, it did represent a severe denial-of-service attack that cost millions of dollars to companies heavily dependent on Internet traffic. It also underscored the fact that most companies are still extremely vulnerable to malicious or terrorist attacks via the Internet.

Computer Economics estimates that the damages caused by the Slammer worm worldwide will exceed $750 million.
