Friday, December 27, 2024
HomeTorjan Horses/wormsDOS Computer worm SQL Slammer made a Comeback

DOS Computer worm SQL Slammer made a Comeback

Published on

SIEM as a Service

DOS Computer worm SQL Slammer is hitting again. A computer worm is an independent malware computer program that recreates itself to spread to a different computer.

Frequently, it uses a computer system to spread itself, depending on security incompetent on the objective computer to get to it.

First Appearance

SQL Slammer is a PC worm that initially exposes up in the wild in January 2003, and brought about a denial of service condition on countless servers around the globe.

- Advertisement - SIEM as a Service

It did as such by over-burdening Internet objects, for example, servers and switches with a monstrous number of the network packets within 10 minutes of its first emergence.

The worm exploits a buffer overflow vulnerability in Microsoft SQL Server 2000 or MSDE 2000 by sending a formatted request to UDP port 1434.

How it Spread and work?

Once the server is infected, it endeavors to spread quickly by sending a similar payload to arbitrary IP addresses, bringing on a denial of service condition on its targets.

This vulnerability was found by David Litchfield a while before Slammer initially propelled. As needs are, Microsoft discharged a fix, however, numerous installations had not been fixed before Slammer’s first appearance.

Get Inside: Slammer takes on the appearance of a solitary UDP bundle, one that would ordinarily be a harmless request to find a particular database service.

Reprogram the Machine: The principal thing the computer does in the wake of opening Slammer’s as well long UDP “ask for” is overwrite its own particular stack with new directions that Slammer has disguised as a routine query. The computer reprogram itself without acknowledging it.

Choose Random Victims: Slammer creates a random IP address, focusing on another PC that could be anyplace on the Internet. To randomize, Slammer conveys a time-honored programmer’s trap.

Replicate: Slammer focuses on its own particular code as the information on sending. The infected PC works out another duplicate of the worm and licks the UDP stamp.

Repeat: In the wake of sending off the initially infected packet, Slammer circles around instantly to send another to an alternate PC. It doesn’t waste a solitary millisecond.

Hitting Again

Through a regular testing of worldwide information gathered by Check Point ThreatCloud, they distinguished a huge increment with the number of attack attempts between November 28 and December 4, 2016, making the SQL Slammer worm one of the top malware identified in this time period.

DOS Computer worm SQL Slammer

The IP addresses that started the biggest number of attack endeavors identified with the Slammer worm are enrolled in China, Vietnam, Mexico, and Ukraine, as appeared:

DOS Computer worm SQL Slammer

The attack trials recognized by CheckPoint were coordinated to a substantial assortment of destination countries (172 nations altogether), with 26% of the attacks being towards arranges in the United States. This shows a wide rush of attacks instead of a focused on one.

DOS Computer worm SQL Slammer

In spite of the Slammer worm was fundamentally spread amid 2003, and has scarcely been seen in the wild in the course of the most recent decade, the huge spike in engendering attacks that was seen in checkpoint information demonstrates that worm is attempting to make a rebound.

Temporary Mitigations

Since the worm does not taint any files, an infected machine can be cleaned by just rebooting the machine.

Be that as it may, it will soon get re-contaminated if the machine is associated with the system without applying significant patches for MS SQL Server.

Also Read:

  1. Press F3 for Money: “Plautus” Dangerous ATM Malware Discovered.
  2. DOS attack on Mac OS – Push fake alarms to Scare Users

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Lumma Stealer Attacking Users To Steal Login Credentials From Browsers

Researchers observed Lumma Stealer activity across multiple online samples, including PowerShell scripts and a...

New ‘OtterCookie’ Malware Attacking Software Developers Via Fake Job Offers

Palo Alto Networks reported the Contagious Interview campaign in November 2023, a financially motivated...

NjRat 2.3D Pro Edition Shared on GitHub: A Growing Cybersecurity Concern

The recent discovery of the NjRat 2.3D Professional Edition on GitHub has raised alarms...

Palo Alto Networks Vulnerability Puts Firewalls at Risk of DoS Attacks

A critical vulnerability, CVE-2024-3393, has been identified in the DNS Security feature of Palo...

API Security Webinar

72 Hours to Audit-Ready API Security

APIs present a unique challenge in this landscape, as risk assessment and mitigation are often hindered by incomplete API inventories and insufficient documentation.

Join Vivek Gopalan, VP of Products at Indusface, in this insightful webinar as he unveils a practical framework for discovering, assessing, and addressing open API vulnerabilities within just 72 hours.

Discussion points

API Discovery: Techniques to identify and map your public APIs comprehensively.
Vulnerability Scanning: Best practices for API vulnerability analysis and penetration testing.
Clean Reporting: Steps to generate a clean, audit-ready vulnerability report within 72 hours.

More like this

MnuBot – New Banking Trojan Take Browsers Screenshots, Keylogging to Steal Bank Data

Newly discovered banking Trojan named MnuBot malware spreading to steal the sensitive bank related...

New Banking Trojan IcedID Evade Sandboxes and Performing Web Injection Attacks

A New Banking Trojan dubbed IcedID discovered that capable of performing some dangerous web-based...

Silence Trojan Targeting Financial Institutions Recording day to day activity on Bank Employees’ PCs

Security experts from Kaspersky lab discovered a new trojan dubbed Silence trojan that targeting Financial...