Slammer virus

Slammer virus. Computer virus that managed to infect tens of thousands of servers around the world.

History

In January 2003, Slammer showed how damaging a worm could be for public and private services. The worm released a flood of network packets, and the amount of data it transmitted across the Internet caused several servers to suspend activities almost immediately. Among the victims of the worm were Bank of America, the US emergency service 911 and a plant.

The story of Slammer began on 25 January 2003, when within just ten minutes it managed to infect tens of thousands of servers around the world, collapsing the Internet globally. The reappearance of this worm of just 376 bytes, which had been practically inactive since 2003.

Detected attack attempts targeted a total of 172 countries, with 26% of offensives directed at US networks. Additionally, the IP addresses that initiated the highest number of SQL Slammer-related assaults are registered in China, Vietnam, Mexico, and Ukraine.

Infection method

Slammer carries out the following infection process:

  1. It reaches the computer from another SQL server and is memory resident.
  2. It loads three API functions:
     • socket and sendto, from the Winsock (network management standard) DLL, for sending.
     • GetTickCount (KERNEL32.DLL), to get the random IP of the server it will try to attack.
  3. It starts mass-sending 376-byte packets containing the worm's code through port 1434.

Because this process runs continuously and sends so many packets, it generates a DDoS (distributed denial of service) attack on that port.

Slammer does not create or modify files, nor does it modify the Windows registry.
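Because the worm is memory resident and leaves no file or registry traces, its network behaviour is what a defender can observe. The following is an added example, not part of the original article: it flags sources that send 376-byte UDP datagrams to port 1434 toward many distinct destinations in a short window. The flow-record layout, the thresholds and the sample records are assumptions constructed for illustration.

```python
from collections import defaultdict

SQL_RESOLUTION_PORT = 1434   # UDP port named in the article
WORM_PAYLOAD_LEN = 376       # worm size stated in the article
MIN_DISTINCT_TARGETS = 5     # assumed threshold; tune for your network
WINDOW_SECONDS = 1.0         # assumed sliding-window length

# Constructed sample flow records (not real captures):
# (timestamp, src_ip, dst_ip, protocol, dst_port, payload_len)
SAMPLE_FLOWS = (
    # Infected host: six different targets in half a second.
    [(0.1 * i, "10.0.0.5", f"198.51.100.{10 + i}", "udp", 1434, 376) for i in range(6)]
    # Ordinary client: short queries to one internal SQL server.
    + [(0.2 * i, "10.0.0.9", "10.0.0.20", "udp", 1434, 12) for i in range(8)]
    # Matching size and port, but far too slow to be a propagation burst.
    + [(30.0 * i, "10.0.0.7", f"203.0.113.{i}", "udp", 1434, 376) for i in range(1, 7)]
    # Unrelated traffic from the infected host.
    + [(0.3, "10.0.0.5", "192.0.2.53", "udp", 53, 40)]
)


def find_scanners(flows, min_targets=MIN_DISTINCT_TARGETS, window=WINDOW_SECONDS):
    """Return {src_ip: peak distinct destinations per window} for flagged sources."""
    per_src = defaultdict(list)
    for ts, src, dst, proto, dport, plen in flows:
        # Keep only datagrams shaped like the propagation traffic described above.
        if proto == "udp" and dport == SQL_RESOLUTION_PORT and plen == WORM_PAYLOAD_LEN:
            per_src[src].append((ts, dst))

    flagged = {}
    for src, events in per_src.items():
        events.sort()
        start = best = 0
        for end in range(len(events)):
            # Slide the window start forward until it spans at most `window` seconds.
            while events[end][0] - events[start][0] > window:
                start += 1
            best = max(best, len({dst for _, dst in events[start:end + 1]}))
        if best >= min_targets:
            flagged[src] = best
    return flagged


if __name__ == "__main__":
    for src, count in find_scanners(SAMPLE_FLOWS).items():
        print(f"{src}: {count} distinct UDP/1434 targets within {WINDOW_SECONDS}s")
```

Matching on the exact payload length keeps the example tied to the figure in the article; in practice the fan-out to many destinations is the more robust signal.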

Propagation method

It reaches the server from another SQL server. Once on the computer, it looks for other machines that act as SQL servers in order to infect them. To do this, it takes advantage of a buffer overflow vulnerability that exists on servers that do not have Service Pack 3 installed.

Effects

Slammer causes the following effects on the affected server:

  1. Increased network traffic through UDP port 1434 (SQL Server Resolution Service port).
  2. It slows down and even crashes the server.
  3. It slows down the Internet.
  4. It may cause the email service to crash.
  5. It may cause the network to hang.

 

by Abdullah Sam