[LINK] The worm
Sun, 09 Feb 2003 10:38:21 +1100
Woody Leonhard has more to say on Sapphire/SQL Slammer:
"Last week I ranted about Microsoft SQL Data Engine - MSDE - the
slightly-stripped-down version of SQL Server that gets installed with
all sorts of Microsoft and non-Microsoft products and custom
applications, including many custom Access databases programs."
"There's ... a list of more than 100 custom Access applications that
use MSDE at
The list includes many names you'll recognize, including Computer
Associates, Trend Micro, Peachtree, Network Associates, PowerQuest,
Dell, Microsoft and Great Plains, McAfee, Lyris, JD Edwards, HP,
Veritas, Compaq, and Cisco."
"Sometime last week, Microsoft re-released its security bulletin
and mentioned that, oh golly, MSDE 1.0 is also vulnerable."
"I looked and couldn't find the MSDE 1.0 Slammer patch."
"Want to know how fast Slammer (a.k.a. Sapphire/SQL Slammer)
"This worm required roughly 10 minutes to spread worldwide making it
by far the fastest worm to date. In the early stages the worm was
doubling in size every 8.5 seconds. At its peak, achieved
approximately 3 minutes after it was released, Sapphire scanned the
net at over 55 million IP addresses per second."
Nicholas Weaver and his team at UC Berkeley have a fascinating report
on SQL Slammer at http://www.cs.berkeley.edu/~nweaver/sapphire/ ."
"To me, the real eye-opener was the extent to which MSDE has taken
over so many desktops."
It's early days.
David Boxall | The more I learn
firstname.lastname@example.org | The more I realise
| How little I know