Thursday, June 13, 2024

DOS Computer worm SQL Slammer made a Comeback

DOS Computer worm SQL Slammer is hitting again. A computer worm is an independent malware computer program that recreates itself to spread to a different computer.

Frequently, it uses a computer system to spread itself, depending on security incompetent on the objective computer to get to it.

First Appearance

SQL Slammer is a PC worm that initially exposes up in the wild in January 2003, and brought about a denial of service condition on countless servers around the globe.

It did as such by over-burdening Internet objects, for example, servers and switches with a monstrous number of the network packets within 10 minutes of its first emergence.

The worm exploits a buffer overflow vulnerability in Microsoft SQL Server 2000 or MSDE 2000 by sending a formatted request to UDP port 1434.

How it Spread and work?

Once the server is infected, it endeavors to spread quickly by sending a similar payload to arbitrary IP addresses, bringing on a denial of service condition on its targets.

This vulnerability was found by David Litchfield a while before Slammer initially propelled. As needs are, Microsoft discharged a fix, however, numerous installations had not been fixed before Slammer’s first appearance.

Get Inside: Slammer takes on the appearance of a solitary UDP bundle, one that would ordinarily be a harmless request to find a particular database service.

Reprogram the Machine: The principal thing the computer does in the wake of opening Slammer’s as well long UDP “ask for” is overwrite its own particular stack with new directions that Slammer has disguised as a routine query. The computer reprogram itself without acknowledging it.

Choose Random Victims: Slammer creates a random IP address, focusing on another PC that could be anyplace on the Internet. To randomize, Slammer conveys a time-honored programmer’s trap.

Replicate: Slammer focuses on its own particular code as the information on sending. The infected PC works out another duplicate of the worm and licks the UDP stamp.

Repeat: In the wake of sending off the initially infected packet, Slammer circles around instantly to send another to an alternate PC. It doesn’t waste a solitary millisecond.

Hitting Again

Through a regular testing of worldwide information gathered by Check Point ThreatCloud, they distinguished a huge increment with the number of attack attempts between November 28 and December 4, 2016, making the SQL Slammer worm one of the top malware identified in this time period.

DOS Computer worm SQL Slammer

The IP addresses that started the biggest number of attack endeavors identified with the Slammer worm are enrolled in China, Vietnam, Mexico, and Ukraine, as appeared:

DOS Computer worm SQL Slammer

The attack trials recognized by CheckPoint were coordinated to a substantial assortment of destination countries (172 nations altogether), with 26% of the attacks being towards arranges in the United States. This shows a wide rush of attacks instead of a focused on one.

DOS Computer worm SQL Slammer

In spite of the Slammer worm was fundamentally spread amid 2003, and has scarcely been seen in the wild in the course of the most recent decade, the huge spike in engendering attacks that was seen in checkpoint information demonstrates that worm is attempting to make a rebound.

Temporary Mitigations

Since the worm does not taint any files, an infected machine can be cleaned by just rebooting the machine.

Be that as it may, it will soon get re-contaminated if the machine is associated with the system without applying significant patches for MS SQL Server.

Also Read:

  1. Press F3 for Money: “Plautus” Dangerous ATM Malware Discovered.
  2. DOS attack on Mac OS – Push fake alarms to Scare Users


Latest articles

CISA Warns of Scammers Impersonating as CISA Employees

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about a surge...

Microsoft Windows Ntqueryinformationtoken Flaw Let Attackers Escalate Privileges

Microsoft has disclosed a critical vulnerability identified as CVE-2024-30088.With a CVSS score of 8.8, this flaw affects Microsoft...

256,000+ Publicly Exposed Windows Servers Vulnerable to MSMQ RCE Flaw

Cybersecurity watchdog Shadowserver has identified 256,000+ publicly exposed servers vulnerable to a critical Remote...

Indian National Jailed For Hacked Servers Of Company That Fired Him

An Indian national was sentenced to two years and eight months in jail for...

JetBrains Warns of GitHub Plugin that Exposes Access Tokens

A critical vulnerability (CVE-2024-37051) in the JetBrains GitHub plugin for IntelliJ-based IDEs (2023.1 and...

Critical Flaw In Apple Ecosystems Let Attackers Gain Unauthorized Access

Hackers go for Apple due to its massive user base along with rich customers,...

Hackers Exploiting Linux SSH Services to Deploy Malware

SSH and RDP provide remote access to server machines (Linux and Windows respectively) for...
Guru baran
Guru baran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Free Webinar

API Vulnerability Scanning

71% of the internet traffic comes from APIs so APIs have become soft targets for hackers.Securing APIs is a simple workflow provided you find API specific vulnerabilities and protect them.In the upcoming webinar, join Vivek Gopalan, VP of Products at Indusface as he takes you through the fundamentals of API vulnerability scanning..
Key takeaways include:

  • Scan API endpoints for OWASP API Top 10 vulnerabilities
  • Perform API penetration testing for business logic vulnerabilities
  • Prioritize the most critical vulnerabilities with AcuRisQ
  • Workflow automation for this entire process

Related Articles