Categories: Torjan Horses/worms

DOS Computer worm SQL Slammer made a Comeback

DOS Computer worm SQL Slammer is hitting again. A computer worm is an independent malware computer program that recreates itself to spread to a different computer.

Frequently, it uses a computer system to spread itself, depending on security incompetent on the objective computer to get to it.

First Appearance

SQL Slammer is a PC worm that initially exposes up in the wild in January 2003, and brought about a denial of service condition on countless servers around the globe.

It did as such by over-burdening Internet objects, for example, servers and switches with a monstrous number of the network packets within 10 minutes of its first emergence.

The worm exploits a buffer overflow vulnerability in Microsoft SQL Server 2000 or MSDE 2000 by sending a formatted request to UDP port 1434.

How it Spread and work?

Once the server is infected, it endeavors to spread quickly by sending a similar payload to arbitrary IP addresses, bringing on a denial of service condition on its targets.

This vulnerability was found by David Litchfield a while before Slammer initially propelled. As needs are, Microsoft discharged a fix, however, numerous installations had not been fixed before Slammer’s first appearance.

Get Inside: Slammer takes on the appearance of a solitary UDP bundle, one that would ordinarily be a harmless request to find a particular database service.

Reprogram the Machine: The principal thing the computer does in the wake of opening Slammer’s as well long UDP “ask for” is overwrite its own particular stack with new directions that Slammer has disguised as a routine query. The computer reprogram itself without acknowledging it.

Choose Random Victims: Slammer creates a random IP address, focusing on another PC that could be anyplace on the Internet. To randomize, Slammer conveys a time-honored programmer’s trap.

Replicate: Slammer focuses on its own particular code as the information on sending. The infected PC works out another duplicate of the worm and licks the UDP stamp.

Repeat: In the wake of sending off the initially infected packet, Slammer circles around instantly to send another to an alternate PC. It doesn’t waste a solitary millisecond.

Hitting Again

Through a regular testing of worldwide information gathered by Check Point ThreatCloud, they distinguished a huge increment with the number of attack attempts between November 28 and December 4, 2016, making the SQL Slammer worm one of the top malware identified in this time period.

The IP addresses that started the biggest number of attack endeavors identified with the Slammer worm are enrolled in China, Vietnam, Mexico, and Ukraine, as appeared:

The attack trials recognized by CheckPoint were coordinated to a substantial assortment of destination countries (172 nations altogether), with 26% of the attacks being towards arranges in the United States. This shows a wide rush of attacks instead of a focused on one.

In spite of the Slammer worm was fundamentally spread amid 2003, and has scarcely been seen in the wild in the course of the most recent decade, the huge spike in engendering attacks that was seen in checkpoint information demonstrates that worm is attempting to make a rebound.

Temporary Mitigations

Since the worm does not taint any files, an infected machine can be cleaned by just rebooting the machine.

Be that as it may, it will soon get re-contaminated if the machine is associated with the system without applying significant patches for MS SQL Server.

Also Read:

  1. Press F3 for Money: “Plautus” Dangerous ATM Malware Discovered.
  2. DOS attack on Mac OS – Push fake alarms to Scare Users

Gurubaran

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Recent Posts

Lumma Stealer Attacking Users To Steal Login Credentials From Browsers

Researchers observed Lumma Stealer activity across multiple online samples, including PowerShell scripts and a disguised…

1 day ago

New ‘OtterCookie’ Malware Attacking Software Developers Via Fake Job Offers

Palo Alto Networks reported the Contagious Interview campaign in November 2023, a financially motivated attack…

1 day ago

NjRat 2.3D Pro Edition Shared on GitHub: A Growing Cybersecurity Concern

The recent discovery of the NjRat 2.3D Professional Edition on GitHub has raised alarms in…

1 day ago

Palo Alto Networks Vulnerability Puts Firewalls at Risk of DoS Attacks

A critical vulnerability, CVE-2024-3393, has been identified in the DNS Security feature of Palo Alto…

1 day ago

Araneida Scanner – Hackers Using Cracked Version Of Acunetix Vulnerability Scanner

Threat Analysts have reported alarming findings about the "Araneida Scanner," a malicious tool allegedly based…

2 days ago

A Dark Web Operation Acquiring KYC Details TO Bypass Identity Verification Systems

A major dark web operation dedicated to circumventing KYC (Know Your Customer) procedures, which involves…

2 days ago