SQL Slammer used British code

Code from a UK security expert has emerged as the driving force behind the SQL Slammer worm that ravaged servers over the weekend.

David Litchfield, co-founder of NGS Software, originally wrote the code to demonstrate the buffer overrun vulnerability and used it as part of a presentation to the Black Hat Briefings in August 2002.

Exploiting an SQL buffer overrun requires control of the target processor's path of execution. Once this has been achieved, the malware writers can then build in whatever additional instructions they require.

"The Slammer code is a straight cut-and-paste job," said Litchfield. "My talk was intentionally made after the patch had been released and I worked with Microsoft to ensure that I didn't pass on the information until the fix had been available for some time."

Microsoft issued the patch in July, a month before the talk, which was given to a small group of experts and later published on the web.

This issue of revealing flaws was thrown into sharp focus last year when an Israeli company published details of vulnerabilities before patches were available to fix them.

The potentially damaging data wasn't acted on immediately by hackers, and patches were soon available.

"It's vital that when vulnerabilities are found the manufacturer is given a chance to put a patch out before the news is published," said Richard Archdeacon, director of technical services at Symantec.

"Given the speed with which hackers are exploiting vulnerabilities, simply publishing flaws is highly irresponsible."