Inside the slammer worm - Security & Privacy Magazine, IEEE

Short Description
tions of the worm to study some of its flaws, and look at ….. We tracked Slammer by monitoring the worm’s probes to address …

Website: www.cs.ucsd.edu | Filesize: 414kb

Content
PUBLISHED BY THE IEEE COMPUTER SOCIETY 1540-7993/03/$17.00 . 2003 IEEE IEEE SECURITY & PRIVACY 33
Slammer Worm Dissection
Slammer (sometimes called Sapphire) was the
fastest computer worm in history. As it began
spreading throughout the Internet, the worm
infected more than 90 percent of vulnerable
hosts within 10 minutes, causing significant disruption to
financial, transportation, and government institutions
and precluding any human-based response. In this article,
we describe how it achieved its rapid growth, dissect portions
of the worm to study some of its flaws, and look at
our defensive effectiveness against it and its successors.
Slammer began to infect hosts slightly before 05:30
UTC on Saturday, 25 January 2003, by exploiting a
buffer-overflow vulnerability in computers on the Internet
running Microsoft’s SQL Server or Microsoft SQL
Server Desktop Engine (MSDE) 2000. David Litchfield
of Next Generation Security Software discovered this underlying
indexing service weakness in July 2002; Microsoft
released a patch for the vulnerability before the
vulnerability was publicly disclosed (www.microsoft.
com/security/slammer.asp). Exploiting this vulnerability,
the worm infected at least 75,000 hosts, perhaps considerably
more, and caused network outages and unforeseen
consequences such…