Click Here
home features news forums classifieds faqs links search
5630 members 
Amiga Q&A /  Free for All /  Emulation /  Gaming / (Latest Posts)
Login

Nickname

Password

Lost Password?

Don't have an account yet?
Register now!

Support Amigaworld.net
Your support is needed and is appreciated as Amigaworld.net is primarily dependent upon the support of its users.
Donate

Menu
Main sections
Home
Features
News
Forums
Classifieds
Links
Downloads
Extras
OS4 Zone
IRC Network
AmigaWorld Radio
Newsfeed
Top Members
Amiga Dealers
Information
About Us
FAQs
Advertise
Polls
Terms of Service
Search

IRC Channel

Who's Online
 73 guest(s) on-line.
 0 member(s) on-line.



You are an anonymous user.
Register Now!
 Srtest:  12 mins ago
 billt:  34 mins ago
 terminills:  46 mins ago
 thetommyboy2k:  1 hr 42 mins ago
 Trekiej:  1 hr 42 mins ago
 agami:  1 hr 47 mins ago
 NutsAboutAmiga:  2 hrs 4 mins ago
 K-L:  2 hrs 18 mins ago
 ferrels:  2 hrs 35 mins ago
 RobertB:  4 hrs 2 mins ago

AmigaWorld - Amiga Community Portal


Aggressive net bug makes history

Date 3-Feb-2003 23:58:55
Topic: Miscellaneous News


The Slammer worm that recently crippled the internet was the fastest spreading computer bug in history, say security experts.

An analysis of the attack has shown that the worm took just 10 minutes to spread across the world.

At its peak on 25 January, the malicious code caused scattered slowdowns in net traffic and effectively shut down the internet in South Korea, the world's most wired country.

The experts said the attack marked a "significant milestone in the evolution of computer worms," warning that these sorts of bugs "should be considered a standard tool in the arsenal of an attacker".

Fast-moving

The analysis published by the Cooperative Association for Internet Data Analysis (CAIDA) provides an insight into how fast the Slammer worm, also called Sapphire, spread across the internet.

The malicious code first appeared on the net around 0530 GMT on Saturday 25 January.

The bug targeted a known flaw in Microsoft's SQL database software affecting servers rather than home computers and clogged up internet pipelines.

As it began spreading, it doubled in size every 8.5 seconds. Within 10 minutes it had infected more than 90% of vulnerable hosts, said the experts.

At its peak, achieved approximately three minutes after it was released, Slammer was carrying out 55 million scans per second across the internet.

Fortunately the bug did not contain a malicious payload - a set of computer commands designed to harm a machine.

Instead once the worm infected a server, it would send out multiple data requests in a random manner to other internet addresses, looking for more computers to infect.

Aggressive scanning

Slammer infected at least 75,000 hosts, perhaps considerably more said the experts, and caused network outages and such unforeseen consequences as cancelled airline flights and problems with cash machines.

The worm spread twice as fast as the Code Red virus that affected 300,000 computers in July 2001.

The speed of infection was part of the reason why the bug had such a major impact in such a short time.

This was because Slammer contained a simple, fast scanner to find vulnerable machines in a small worm with a total size of only 376 bytes.

By using an internet protocol called UDP, it was able to aggressively send these scans without requiring an answer from the potential victim.

"Though very simple, Sapphire represents a significant milestone in the evolution of computer worms," said the report.

"Although it did not contain a destructive payload, Sapphire spread worldwide in roughly 10 minutes causing significant disruption of financial, transportation, and government institutions.

"It clearly demonstrates that fast worms are not just a theoretical threat, but a reality - one that should be considered a standard tool in the arsenal of an attacker," said the experts.

The report was put together by David Moore and Stefan Savage of the University of San Diego Department of Computer Science and Engineering, Vern Paxson of the ICSI Center for Internet Research in California, Colleen Shannon of CAIDA, and Stuart Staniford and Nicholas Weaver of computer security firm Silicon Defense.



This article comes from AmigaWorld - Amiga Community Portal
https://amigaworld.net

The URL for this story is:
https://amigaworld.net/article.php?storyid=177