Slammer could hint at future problems

By Mark Chillingworth

The Slammer worm, which spread across the Internet over the weekend, could be a hint of information management problems to come. By hitting Microsoft SQL servers, the worm slowed Internet traffic and caused widespread problems.

SQL Slammer was first reported on Saturday, 25 January 2003, when Chris Rouland and Dan Ingevaldson of Internet Security Systems (ISS) discovered the worm. SQL Slammer has been able to spread so successfully because it exploits SQL Servers that have not received patch MS02-039 from Microsoft. The worm can be cleared with a reboot, but vulnerable servers are likely to be reinfected with ease if there is no system in place to protect them.

ISS says that SQL Slammer does not seek to replicate itself or compromise the server. But F-Secure, an anti-virus company in the United States, said that the worm generates "massive amounts of network packets and overloads server and routers and as a result slows network traffic down." In a release, F-Secure said that SQL Slammer's code instructs a Microsoft SQL Server to go into an endless loop of constantly sending out data to other computers, which causes a form of denial-of-service attack.

As a result, SQL Slammer was responsible for large amounts of Internet traffic over the weekend, making many Internet services inaccessible. South Korea was hit hardest; the largest Internet Service Provider (ISP) said almost all of its customers lost their connections, whilst China's speeds dropped.

A patch for the vulnerability that SQL Slammer attacks has been available since July from Microsoft, but reports from around the world indicate that many systems administrators have not installed the patch.

Martin Kalder, the CEO of security experts Blue Sky Industries, said: "It is a trade off, whether to keep everything protected with patches or should you put up a better barrier?"

SQL Slammer highlighted weaknesses in information infrastructures. The code is just 376 bytes long and caused bank machines in the US to fail.

"It exposes the vulnerabilities of building a Web based infrastructure that is perhaps not as secure as it should be. If servers lack the robustness then we could face problems," said James Robertson, a consultant with information management specialists Step Two Design. "Slammer doesn't have any hostile intent, what damage would have been done if it had?"

ISS recommends that businesses protect their SQL Server databases with a firewall or a packet filter.

Mr Kalder said there is no single answer; it has to be done on a case-by-case basis. He added: "These things do keep coming up and biting the industry. That environment [Microsoft] does seem to be more sensitive."
