
SQL Slammer slows the internet
Unpatched systems contribute to havoc on servers as worm spreads
A flaw involving Microsoft SQL Server hit banking and airline computer networks and significantly slowed down internet traffic over the weekend.
The SQL Slammer worm exploits a flaw for which a patch has been available since July of last year. It contains no damaging payload, but in its attempts to find other servers it generates vast amounts of traffic.
"This is Code Red for SQL Server," said Mark Fisher, technical manager for Trend Micro UK. "You'd imagine that most applications running on SQL are mission-critical and should have been patched as a matter of course. Now that people are back to work the number of infections should fall off rapidly."
One of the first 'victims' was Bank of America, which found that the worm froze its network of 13,000 cashpoint machines for part of Saturday. Continental Airlines' ticketing service was also badly affected. In South Korea users of the country's largest internet service provider lost all service.
At the height of the problems traffic was slowed to such an extent that administrators were having problems downloading the patch.
"It's a sad reflection of the quality of system software," said Mike Small, vice president of e-trust solutions for Computer Associates. "On the other hand the computer user community are very poor at keeping up to date with patches.
"Once they get things working they are unwilling to apply patches that may destabilise their system, but fundamentally it's negligence."
Officials at the FBI's National Infrastructure Protection Centre are examining the attack to see if it could have been started by terrorists, but analysts and security experts have rated this as highly improbable.
The SQL Slammer worm, which is small at 367 bytes, infects servers through port 1434/UDP. The infection is simple to fix: servers simply need to be shut down, the patch applied and the server rebooted.
The worm was first detected in the US at about midnight on 24 January - possibly the worst time from a system administrator's point of view.