Cash machines frozen, airlines and hospitals reverting back to old-fashion paper forms to track patients. This was the scene on 25 January 03, shortly after the Slammer worm appeared and quickly began spreading around the world, flooding computer networks with worm-generated traffic and knocking vital database servers offline.
One year after it appeared, the Slammer worm is being remembered as a watershed moment in the life of the internet: the sudden appearance of a new type of malicious code that could spread worldwide in minutes.
Slammer used a known buffer overflow in Microsoft's SQL Server database to spread across the world in approximately ten minutes, doubling the number of computers it infected every 8.5 seconds. According to a study of the worm's outbreak published by the Cooperative Association for Internet Data Analysis (CAIDA), a new system was infected every 37 minutes.
A year on its impact is still being felt. Corporations and vendors have changed policies, increased vigilance to internet threats, and worked to foster better security from Microsoft.
Slammer exposed previously unknown interdependencies that were thought to be separate from the internet, says Alan Paller, director of research at the Sans Institute.
"People realised that all the things that we didn't think were connected to the internet actually were," Paller says. "If your routers are connected to the internet and they're full, nothing can flow, so an outage of internet connections is an outage of the entire internet infrastructure."
The aftermath of the Slammer outbreak brought sweeping changes at Microsoft to improve the security of its products, with increased vulnerability assessments and penetration testing of its products and deployment of new automated tools to inspect product code for security holes.