Gservo
27th January 2003, 06:15 PM
A fast-spreading computer worm attacked the main pillars of the information superhighway Saturday, bringing almost 20 percent of the Internet to its knees. Security experts are already calling the attack the worst the Internet has suffered since a similar worm called CodeRed wreaked havoc nearly 2 years ago. This time, the worm--dubbed SQL Slammer and Sapphire--targeted servers running Microsoft SQL Server 2000 and SQL Server 7.0. In July 2002, Microsoft supplied a fix that would have prevented this problem, and just last week the company released SQL Server 2000 Service Pack 3 (SP3), which included the fix. As is usually the case with such outages, human error--in the form of inadequately updated servers--is at fault.
"Microsoft is currently investigating a virus that appears to affect versions of SQL Server 2000 that aren't up-to-date with service packs," the company noted on its Web site this weekend. "The attack has resulted in widespread Internet availability issues. At this time, we highly recommend that all of our customers running SQL Server 2000 update their servers immediately to SP3."
As of Saturday evening, the worm had compromised almost 200,000 servers. Experts I spoke with at DataPipe, a New York-based hosting company, said that the relatively benign worm replicates itself and presents a Denial of Service (DoS) attack. "It's not malicious code, so it doesn't delete or pass customer data along to other servers," said Brian Laird, senior application developer at DataPipe. "Unfortunately, Microsoft has issued several cumulative security patches for SQL Server since the original patch was issued in July. Had administrators installed any of these patches, this worm would have been prevented from spreading."
Many network administrators, including those at DataPipe, were able to block SQL Server network traffic, help prevent the worm's spread, and ease network congestion. Others weren't so lucky. The worm devastated DellHost, Interland, and other hosting companies, as well as many of UUNet's core routers. Worldwide, the worm caused damage in many locations; KT, South Korea's largest Web access provider, went offline Saturday.
Investigators at the Federal Bureau of Investigation's (FBI's) National Infrastructure Protection Center (NIPC) are looking into the problem but haven't yet determined where the attack originated. By Saturday evening, however, Internet traffic reached usual levels as network administrators shored up their SQL Server boxes.
For Microsoft's response and to download SQL Server 2000 SP3, visit the Microsoft Web site.
http://www.microsoft.com/presspass/press/2003/jan03/01-25virus.asp