Cameras
Camcorders
Cell Phones
Components
Desktops
HDTV
Home Theatre
GPS
Laptops
Monitors
MP3 Players
Networking &
Printers
Storage
WiFi Finder
Locate wireless services by a specific address, city, state, country, airport, or zip code.
Slammer Worm Slaps Net Down, But Not Out
Patch available for SQL Server 2000 flaw exploited by fast-traveling worm that slowed the Net over weekend.
Stacy Cowley and Martyn Williams, IDG News Service
A new worm attacking a known vulnerability in Microsoft SQL Server 2000 Web servers that has been slowing down or halting Internet traffic worldwide could prove as tricky a nemesis as security foes "Code Red" and "Nimda," according to firms tracking the outbreak.
Half a dozen security outlets have issued bulletins describing worm W32/SQL Slammer, dubbed "Slammer." Using a buffer overflow to take over a server, the worm sends out a flood of packets, an effect similar to a denial-of-service attack.
Network Associates' Anti-Virus Emergency Response Team (AVERT) estimates 150,000 to 200,000 servers worldwide have already been infected.
When the attack began around 3:30 a.m. Pacific Time on January 25, packet loss across the Internet approached 20 percent, according to monitoring firm Matrix NetSystems. Packet loss rates are usually less than 1 percent.
One of the countries worst affected was South Korea, where most of the nation's fixed-line and mobile Internet users were unable to access Web sites for nearly half of the day.
"The networks of Internet service providers in South Korea were partially down from about 2:30 p.m. today," said Lee Kin Tae, a technical assistant at the Korean Computer Emergency Response Team (CERT) in Seoul. "From around that time, most people in South Korea cannot use the Internet."
Quick Recovery
Ten hours after the attack began, traffic flow was picking up, with packet loss down to around 5 percent by Matrix NetSystems' readings.
Recovering from the worm is easy, security firms agree: Installing Microsoft's recently released SQL Server 2000 Service Pack 3 solves the problem. Microsoft issued a security bulletin on the problem last July. Some also recommend system administrators consider blocking traffic on port 1434 from unknown machines.
Firms disagree, though, on the severity of the threat posed by Slammer. Trend Micro labels the worm "destructive" and "high risk," while Symantec assesses its damage potential as "low." Network Associates and eEye Digital Security, one of the first to spot and dissect the worm, both issued high-risk alerts on the worm.
The Computer Emergency Response Team (CERT) Coordination Center at Carnegie Mellon also issued a bulletin on Saturday.
While the worm may be easy to defend against, a vast number of systems remain unprotected.
"It's probably worse than it was three or four hours ago," said AVERT Vice President Vincent Gullotto, about 12 hours after the attack began. "This is not going to be cleaned up any time soon."
"(Slammer) doesn't destroy, remove, hack or extract any data," said Tom Ohlsson, Matrix NetSystems' vice president of marketing and business development. "But it's a very, very aggressive worm about self-replication."
Reminiscent of Code Red
Slammer's speed in spreading itself recalls another worm that rampaged through the Net: Code Red, a scourge that appeared in mid-2001 and infected hundreds of thousands of servers.
Despite the availability of a patch, Code Red caused $2 billion in damage, according to one research firm's estimates. New infections continued spreading more than a year after the worm's discovery, according to several vendors, as some vulnerable systems remained unprotected.
Slammer is "similar in terms of speed, but nowhere near as destructive" as Code Red, Ohlsson said.
The worm is "certainly on the same level" as Code Red in terms of the threat it poses, said AVERT's Gullotto.
A representative of the U.S. National Infrastructure Protection Center (NIPC) confirmed the center is investigating the problems. The NIPC has not posted any alerts on its Web site concerning the worm or vulnerability since Microsoft first identified the weakness in July 2002.
An FBI spokesperson declined to comment in detail on the Internet problems, but said, "The bureau is aware a worm was attacking the Internet overnight and we are monitoring it."
The worm hit a day after South Korea's Ministry of Information and Communication (MIC) issued an emergency alert on the possibility of denial-of-service attacks, according to local media. The MIC received reports that South Korean computers were to be used as a springboard for attacks, said the country's Yonhap News Agency.
- Sponsored Resource:Improve your network with the right mix of features, performance and pricing.
- Sponsored Resource:Growing your business requires the right tools. Dell's networking servers can help.
- Sponsored Resource:Thinking about a new Laptop? Lenovo has models to meet everyone's needs.
- Sponsored Resource:Twitter: A how-to guide for using Twitter as a business tool.
- Sponsored Resource:Smartphone security threats are on the rise. Is it time to safegaurd your device?
Top Selling Laptops
Dell Small Business Servers
Deal Breakers
Special Offers for PC World Users
-
Dell Windows 7 Deals Win7 Weekend Sale at dell.com!
Laptops starting at $499 after Instant Savings
People who read this also read:
Best Prices on Antivirus Software
Norton AntiVirus 2009 (Full Product)Price: $15.72
Norton Antivirus 2010 (Full Product, 1 User)Price: $17.95
Anti-virus 2010 (OEM Product, 1 User)Price: $17.95
Norton Antivirus 2010 (Full Product, 1 User)Price: $16.95
Anti-Virus 2009 (Full Product)Price: $17.00
Norton Antivirus 2010 (Full Product, 3 Users)Price: $36.98
-
Dell Shopping Center Check out great deals from Dell!
