SQL Slammer 16 years later: Four modern-day scenarios that could be worse

Nothing has ever come close to the speed at which the SQL Slammer worm took down networks. These very possible scenarios might beat it in terms of speed and damage.

It’s been 16 years since the SQL Slammer worm struck on January 25, 2003. It was the fastest spreading computer worm in history, and surprisingly nothing has beat it since. Will that record stand much longer?

What is SQL Slammer?

If you were in IT in 2003, you remember what you were doing when Slammer went off like all civilians do when a president is shot. It was a Saturday…early Saturday. The SQL Slammer worm had been launched outside the U.S. in what was the early morning hours of Eastern Standard Time (EST). America’s IT defenders, for the most part, were asleep. By the time many of us woke and heard about it, it had already brought down most of the world’s SQL servers and networks. Bank ATMs were down. Newspapers printed late. If your company used personal computers, it was likely impacted.

SQL Slammer was an amazing 376 bytes of malicious code. It attempted to connect to every computer it could find over MS-SQL UDP port 1434. It didn’t care if the computer it was connecting to was running SQL or not. It just blasted its buffer-overflow-abusing code against every computer it found.

Until then, many researchers thought the “just try it” approach would be very inefficient. Why waste your time trying an exploit that didn’t possibly exist unless you encountered a verified unpatched MS-SQL server? The experts were wrong. Turns out just blasting away at every possible target was incredibly fast at infecting every reachable, vulnerable computer. They included not only SQL servers, but any workstation running unpatched versions of Microsoft’s SQL client-side product, which Microsoft was attaching to more and more products. It only took one vulnerable SQL server in your company to crash the network.

To continue reading this article register now

Get the best of CSO ... delivered. Sign up for our FREE email newsletters!