Inter Engineering

Inter Engineering and F-Secure warn the computer users about new Internet worm known as Slammer (or Sapphire). The worm generates massive amounts of network packets, overloading internet servers. This slows down all internet functions such as sending e-mail or surfing the net.

The worm was first detected in the Internet on January 25, 2003 at 05:30 GMT. After this the worm quickly spread worldwide to generate one of the biggest attacks against internet ever. According to reports, several large web sites and mail servers became unavailable, including as many as 5 of the 13 root nameserver.

Slammer infects only Windows 2000 servers running Microsoft SQL Server, and is therefore not a threat to the end user machines. However, its functions are still visible to the end users by the way it blocks the network traffic.

Slammer is not a mass mailer like many other common worms. It does not send any emails, nor writes itself to the hard drive, but spreads as an in-memory process. This functionality makes it similar to Code Red, an Internet worm that was found in July 2001 and infected more than 300 000 web servers.

The worm uses UDP port 1434 to exploit a buffer overflow in MS SQL server. To prevent the worm from infecting the server, this port on the firewall should be closed. The worm is extremely small, only 376 bytes in size. It has no other functionality than to spread further, but the spreading process is so aggressive that the worm generates extreme loads.

As the worm does not infect any files, an infected machine can be cleaned simply by rebooting the machine. However, if the machine is connected to the network without applying SP2 or SP3 patches for MS SQL Server, it will soon get reinfected.

"We've never seen such a small virus spreading so fast in the wild and doing so much damage", comments Mikko Hypponen, Manager of Anti-Virus Research at F-Secure Corporation. "The virus is so simple yet so aggressive. In fact the massive network load also slows down the virus itself", he continues.

Technical description and pictures of Slammer are available at http://www.f-secure.com/v-descs/mssqlm.shtml

About Inter Engineering:

Inter Engineering is one of the few companies specialized in Data Security. Since 1992 the company is active in the protection against computer viruses and has since then extended its activities with strong cryptography, access control, copy protection, biometrics, data recovery and year 2000 solutions. The Company cooperates closely with leading providers globally and contributes actively to research and development. Also close relationships with scientific organizations are maintained. Thus Inter Engineering is able to provide consultancy and solutions for almost any Data Security issue.

Inter Engineering
P.O. Box 1626
410 02 Larissa, Greece
Tel. +30.2410.670030
Fax. +30.2410.670006
Email: sales@inter.gr