Thursday, March 28, 2024

DOS Computer worm SQL Slammer made a Comeback

DOS Computer worm SQL Slammer is hitting again. A computer worm is an independent malware computer program that recreates itself to spread to a different computer.

Frequently, it uses a computer system to spread itself, depending on security incompetent on the objective computer to get to it.

First Appearance

SQL Slammer is a PC worm that initially exposes up in the wild in January 2003, and brought about a denial of service condition on countless servers around the globe.

It did as such by over-burdening Internet objects, for example, servers and switches with a monstrous number of the network packets within 10 minutes of its first emergence.

The worm exploits a buffer overflow vulnerability in Microsoft SQL Server 2000 or MSDE 2000 by sending a formatted request to UDP port 1434.

How it Spread and work?

Once the server is infected, it endeavors to spread quickly by sending a similar payload to arbitrary IP addresses, bringing on a denial of service condition on its targets.

This vulnerability was found by David Litchfield a while before Slammer initially propelled. As needs are, Microsoft discharged a fix, however, numerous installations had not been fixed before Slammer’s first appearance.

Get Inside: Slammer takes on the appearance of a solitary UDP bundle, one that would ordinarily be a harmless request to find a particular database service.

Reprogram the Machine: The principal thing the computer does in the wake of opening Slammer’s as well long UDP “ask for” is overwrite its own particular stack with new directions that Slammer has disguised as a routine query. The computer reprogram itself without acknowledging it.

Choose Random Victims: Slammer creates a random IP address, focusing on another PC that could be anyplace on the Internet. To randomize, Slammer conveys a time-honored programmer’s trap.

Replicate: Slammer focuses on its own particular code as the information on sending. The infected PC works out another duplicate of the worm and licks the UDP stamp.

Repeat: In the wake of sending off the initially infected packet, Slammer circles around instantly to send another to an alternate PC. It doesn’t waste a solitary millisecond.

Hitting Again

Through a regular testing of worldwide information gathered by Check Point ThreatCloud, they distinguished a huge increment with the number of attack attempts between November 28 and December 4, 2016, making the SQL Slammer worm one of the top malware identified in this time period.

DOS Computer worm SQL Slammer

The IP addresses that started the biggest number of attack endeavors identified with the Slammer worm are enrolled in China, Vietnam, Mexico, and Ukraine, as appeared:

DOS Computer worm SQL Slammer

The attack trials recognized by CheckPoint were coordinated to a substantial assortment of destination countries (172 nations altogether), with 26% of the attacks being towards arranges in the United States. This shows a wide rush of attacks instead of a focused on one.

DOS Computer worm SQL Slammer

In spite of the Slammer worm was fundamentally spread amid 2003, and has scarcely been seen in the wild in the course of the most recent decade, the huge spike in engendering attacks that was seen in checkpoint information demonstrates that worm is attempting to make a rebound.

Temporary Mitigations

Since the worm does not taint any files, an infected machine can be cleaned by just rebooting the machine.

Be that as it may, it will soon get re-contaminated if the machine is associated with the system without applying significant patches for MS SQL Server.

Also Read:

  1. Press F3 for Money: “Plautus” Dangerous ATM Malware Discovered.
  2. DOS attack on Mac OS – Push fake alarms to Scare Users

Website

Latest articles

Wireshark 4.2.4 Released: What’s New!

Wireshark stands as the undisputed leader, offering unparalleled tools for troubleshooting, analysis, development, and...

Zoom Unveils AI-Powered All-In-One AI Work Workplace

Zoom has taken a monumental leap forward by introducing Zoom Workplace, an all-encompassing AI-powered...

iPhone Users Beware! Darcula Phishing Service Attacking Via iMessage

Phishing allows hackers to exploit human vulnerabilities and trick users into revealing sensitive information...

2 Chrome Zero-Days Exploited at Pwn2Own 2024: Patch Now

Google has announced a crucial update to its Chrome browser, addressing several vulnerabilities, including...

The Moon Malware Hacked 6,000 ASUS Routers in 72hours to Use for Proxy

Black Lotus Labs discovered a multi-year campaign by TheMoon malware targeting vulnerable routers and...

Hackers Actively Exploiting Ray AI Framework Flaw to Hack Thousands of Servers

A critical vulnerability in Ray, an open-source AI framework that is widely utilized across...

Chinese Hackers Attacking Southeast Asian Nations With Malware Packages

Cybersecurity researchers at Unit 42 have uncovered a sophisticated cyberespionage campaign orchestrated by two...
Guru baran
Guru baranhttps://gbhackers.com
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Mitigating Vulnerability Types & 0-day Threats

Mitigating Vulnerability & 0-day Threats

Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities.

  • The problem of vulnerability fatigue today
  • Difference between CVSS-specific vulnerability vs risk-based vulnerability
  • Evaluating vulnerabilities based on the business impact/risk
  • Automation to reduce alert fatigue and enhance security posture significantly

Related Articles