We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

Remembering Slammer on its anniversary

A new generation of worm

Cash machines frozen, airlines and hospitals reverting back to old-fashion paper forms to track patients. This was the scene on 25 January 03, shortly after the Slammer worm appeared and quickly began spreading around the world, flooding computer networks with worm-generated traffic and knocking vital database servers offline.

One year after it appeared, the Slammer worm is being remembered as a watershed moment in the life of the internet: the sudden appearance of a new type of malicious code that could spread worldwide in minutes.

Slammer used a known buffer overflow in Microsoft's SQL Server database to spread across the world in approximately ten minutes, doubling the number of computers it infected every 8.5 seconds. According to a study of the worm's outbreak published by the Cooperative Association for Internet Data Analysis (CAIDA), a new system was infected every 37 minutes.

A year on its impact is still being felt. Corporations and vendors have changed policies, increased vigilance to internet threats, and worked to foster better security from Microsoft.

Slammer exposed previously unknown interdependencies that were thought to be separate from the internet, says Alan Paller, director of research at the Sans Institute.

"People realised that all the things that we didn't think were connected to the internet actually were," Paller says. "If your routers are connected to the internet and they're full, nothing can flow, so an outage of internet connections is an outage of the entire internet infrastructure."

The aftermath of the Slammer outbreak brought sweeping changes at Microsoft to improve the security of its products, with increased vulnerability assessments and penetration testing of its products and deployment of new automated tools to inspect product code for security holes.

IDG UK Sites

Samsung Galaxy S6 launch as it happened: Galaxy S6 launch video and live blog - watch again as...

IDG UK Sites

5 things we hate about MWC: What it's like to be a journalist at a technology trade show

IDG UK Sites

Interview: Lauren Currie aims to help design students bridge skills gap

IDG UK Sites

12in Retina MacBook Air release date rumours: new MacBook Air to have fingerprint ID, could launch...