SQL Slammer -- The Aftermath

Good story on C|Net today discussing SQL Slammer and the long term view of network security.

Some highlights:

The SQL Slammer worm, at 376 bytes of computer code, is much smaller than either Code Red's estimated 4KB (4,096 bytes) or Nimda's 60KB (61,440 bytes). Exploiting a hole that had been announced and patched by Microsoft six months earlier to the day, the worm inundated other computers on the Internet with a copy of itself. The worm's small size meant that it could send itself out in a single data package, or packet, that automatically infected the victim by loading Slammer into memory.

That efficiency made Slammer the fastest-spreading worm to date, infecting 90 percent of all vulnerable servers in its first 10 minutes, according to a report by a coalition of researchers from University of California San Diego, Lawrence Berkeley National Labs, and Silicon Defense, a security consultancy.

...

That's exactly what happened to Bank of America, whose automated teller machines suddenly stopped dispensing cash early Jan. 25. The reason: The sheer volume of data produced by servers infected with Slammer smothered databases in Bank of America's internal network.

...

While the company [Microsoft] had hardened its networks, it hadn't cut connections between buildings on all ports--the software addresses on which an application listens for data from the network. The worm found its way to a connected port and, because the buildings weren't isolated, was able to spread throughout the campus.
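The two traits the article keeps coming back to, a worm that is one small packet copied to as many hosts as possible, and a flood whose sheer volume is the damage, are also what makes this kind of propagation easy to spot in flow data. The script below is an added example, not code from the C|Net story or from any of the organisations it mentions: it scans constructed flow records and flags any source that sends UDP datagrams of one identical payload size to many distinct destinations on a single port within a short window. The sample traffic, the `Flow` record layout, the thresholds and the host addresses are all assumptions made for the demonstration; the 376-byte payload size comes from the article, and UDP port 1434 (the SQL Server resolution service Slammer targeted) is a known fact the article itself does not state.

```python
"""Flag hosts whose outbound UDP traffic looks like single-packet worm
propagation: many datagrams of one small, identical size sent to many distinct
destinations on one port inside a short time window.

Added example with constructed data; not code from the article or from any
organisation it names.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    ts: float      # seconds since epoch (constructed values)
    src: str       # source host
    dst: str       # destination host
    proto: str     # "udp" or "tcp"
    dport: int     # destination port
    size: int      # payload bytes of the datagram


def find_worm_sources(flows, window=10.0, min_targets=50, max_size=512):
    """Return {src: (dport, distinct_targets)} for every source that, within
    `window` seconds, sent UDP datagrams of one payload size (<= max_size) to
    at least `min_targets` distinct destinations on a single port.

    Grouping on (port, size) mirrors the article's point: the worm is one
    fixed-size packet copied verbatim to each victim, so its traffic has far
    less variety than legitimate UDP services such as DNS.
    """
    by_src = defaultdict(list)
    for f in flows:
        if f.proto == "udp" and f.size <= max_size:
            by_src[f.src].append(f)

    hits = {}
    for src, fl in by_src.items():
        groups = defaultdict(list)
        for f in sorted(fl, key=lambda f: f.ts):
            groups[(f.dport, f.size)].append(f)

        for (dport, _size), g in groups.items():
            # Sliding window over timestamps, counting distinct destinations.
            start = 0
            seen = defaultdict(int)  # dst -> number of datagrams in window
            for end in range(len(g)):
                seen[g[end].dst] += 1
                while g[end].ts - g[start].ts > window:
                    old = g[start].dst
                    seen[old] -= 1
                    if seen[old] == 0:
                        del seen[old]
                    start += 1
                if len(seen) >= min_targets:
                    hits[src] = (dport, len(seen))
                    break
    return hits


def sample_flows():
    """Constructed traffic: a normal DNS client, a host probing a handful of
    peers, a TCP web client, and one host spraying a 376-byte UDP datagram to
    200 distinct addresses in about one second (hypothetical addresses)."""
    flows = []
    # Normal client: DNS lookups of varying size to two resolvers over a minute.
    for i in range(30):
        flows.append(Flow(100.0 + i * 2.0, "10.0.0.5",
                          "10.0.0.53" if i % 2 else "10.0.0.54",
                          "udp", 53, 40 + (i % 30)))
    # Monitoring host: same-size UDP probes, but only to 20 peers (below threshold).
    for i in range(20):
        flows.append(Flow(100.0 + i * 0.1, "10.0.0.9", f"10.0.1.{i}",
                          "udp", 161, 120))
    # TCP traffic is ignored by the detector entirely.
    for i in range(100):
        flows.append(Flow(100.0 + i * 0.01, "10.0.0.8", f"10.2.0.{i}",
                          "tcp", 80, 376))
    # Infected host: 376-byte datagram to 200 addresses on UDP/1434 in ~1 s.
    for i in range(200):
        flows.append(Flow(100.0 + i * 0.005, "10.0.0.7",
                          f"10.1.{i // 256}.{i % 256}", "udp", 1434, 376))
    return flows


if __name__ == "__main__":
    for src, (port, n) in find_worm_sources(sample_flows()).items():
        print(f"{src}: {n} distinct targets on udp/{port} inside the window")
```

The thresholds are deliberately conservative defaults: fifty distinct destinations on one port with a byte-identical payload inside ten seconds is far outside what a DNS or SNMP client does, but well below the rate the article describes, so the rule fires early rather than after the flood has already saturated the segment.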