The Big Lessons of a Little Worm

Wednesday, 5 February 2003, 12:55 PM EST

While the chaos caused by the Slammer worm on Saturday, Jan. 25 has subsided, the tiny program that gummed up the Internet leaves some painful insights into the immense damage a voracious invader can inflict -- not only on its direct targets but to secondary ones as well. Above all, Slammer, which infected the ubiquitous Microsoft database software used to manage corporate information, was a further demonstration of just how vulnerable the Internet remains.

In this case, not using Microsoft software or products that rely on Redmond's databases was no guarantee. On the North American Network Operators list-serv, a bulletin board for network engineers, a slew of frustrated posts complained that, even after the switches and routers that serve as network traffic cops were reprogrammed to ignore Slammer, the sheer volume of worm traffic continued to bury networks. Unlike a virus, a worm doesn't require e-mail to replicate and transmit itself into other systems.

Telephone service, ATM networks, and crucial communications linkages that depend on the Net were knocked out. And while that was bad enough, things might easily have been much worse. "If it had been Monday morning, you would have had not just the tech industry buzzing -- I think you would have been talking about serious collateral damage," says Tom Ohlsson, vice-president for network-monitoring services provider Matrix NetSystems in Austin, Tex.

[ Read more ]




Spotlight

How to get better at web application security

Robert Hansen, Vice President of WhiteHat Security Labs, discusses the evolution of web application security, offers advice on how to improve web application security practices, recommends tools, and more.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  
DON'T
MISS

Thu, Aug 27th
    COPYRIGHT 1998-2015 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //