Monday, November 25, 2024
HomeTorjan Horses/wormsDOS Computer worm SQL Slammer made a Comeback

DOS Computer worm SQL Slammer made a Comeback

Published on

DOS Computer worm SQL Slammer is hitting again. A computer worm is an independent malware computer program that recreates itself to spread to a different computer.

Frequently, it uses a computer system to spread itself, depending on security incompetent on the objective computer to get to it.

First Appearance

SQL Slammer is a PC worm that initially exposes up in the wild in January 2003, and brought about a denial of service condition on countless servers around the globe.

- Advertisement - SIEM as a Service

It did as such by over-burdening Internet objects, for example, servers and switches with a monstrous number of the network packets within 10 minutes of its first emergence.

The worm exploits a buffer overflow vulnerability in Microsoft SQL Server 2000 or MSDE 2000 by sending a formatted request to UDP port 1434.

How it Spread and work?

Once the server is infected, it endeavors to spread quickly by sending a similar payload to arbitrary IP addresses, bringing on a denial of service condition on its targets.

This vulnerability was found by David Litchfield a while before Slammer initially propelled. As needs are, Microsoft discharged a fix, however, numerous installations had not been fixed before Slammer’s first appearance.

Get Inside: Slammer takes on the appearance of a solitary UDP bundle, one that would ordinarily be a harmless request to find a particular database service.

Reprogram the Machine: The principal thing the computer does in the wake of opening Slammer’s as well long UDP “ask for” is overwrite its own particular stack with new directions that Slammer has disguised as a routine query. The computer reprogram itself without acknowledging it.

Choose Random Victims: Slammer creates a random IP address, focusing on another PC that could be anyplace on the Internet. To randomize, Slammer conveys a time-honored programmer’s trap.

Replicate: Slammer focuses on its own particular code as the information on sending. The infected PC works out another duplicate of the worm and licks the UDP stamp.

Repeat: In the wake of sending off the initially infected packet, Slammer circles around instantly to send another to an alternate PC. It doesn’t waste a solitary millisecond.

Hitting Again

Through a regular testing of worldwide information gathered by Check Point ThreatCloud, they distinguished a huge increment with the number of attack attempts between November 28 and December 4, 2016, making the SQL Slammer worm one of the top malware identified in this time period.

DOS Computer worm SQL Slammer

The IP addresses that started the biggest number of attack endeavors identified with the Slammer worm are enrolled in China, Vietnam, Mexico, and Ukraine, as appeared:

DOS Computer worm SQL Slammer

The attack trials recognized by CheckPoint were coordinated to a substantial assortment of destination countries (172 nations altogether), with 26% of the attacks being towards arranges in the United States. This shows a wide rush of attacks instead of a focused on one.

DOS Computer worm SQL Slammer

In spite of the Slammer worm was fundamentally spread amid 2003, and has scarcely been seen in the wild in the course of the most recent decade, the huge spike in engendering attacks that was seen in checkpoint information demonstrates that worm is attempting to make a rebound.

Temporary Mitigations

Since the worm does not taint any files, an infected machine can be cleaned by just rebooting the machine.

Be that as it may, it will soon get re-contaminated if the machine is associated with the system without applying significant patches for MS SQL Server.

Also Read:

  1. Press F3 for Money: “Plautus” Dangerous ATM Malware Discovered.
  2. DOS attack on Mac OS – Push fake alarms to Scare Users

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Threat Actors Exploit Google Docs And Weebly Services For Malware Attacks

Phishing attackers used Google Docs to deliver malicious links, bypassing security measures and redirecting...

Python NodeStealer: Targeting Facebook Business Accounts to Harvest Login Credentials

The Python-based NodeStealer, a sophisticated info-stealer, has evolved to target new information and employ...

XSS Vulnerability in Bing.com Let Attackers Send Crafted Malicious Requests

A significant XSS vulnerability was recently uncovered in Microsoft’s Bing.com, potentially allowing attackers to...

Meta Removed 2 Million Account Linked to Malicious Activities

 Meta has announced the removal of over 2 million accounts connected to malicious activities,...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

MnuBot – New Banking Trojan Take Browsers Screenshots, Keylogging to Steal Bank Data

Newly discovered banking Trojan named MnuBot malware spreading to steal the sensitive bank related...

New Banking Trojan IcedID Evade Sandboxes and Performing Web Injection Attacks

A New Banking Trojan dubbed IcedID discovered that capable of performing some dangerous web-based...

Silence Trojan Targeting Financial Institutions Recording day to day activity on Bank Employees’ PCs

Security experts from Kaspersky lab discovered a new trojan dubbed Silence trojan that targeting Financial...