SLAMMER WORM: THE FASTEST SPREADING BOMBSHELL ON THE INTERNET
What is a computer virus?
The first question is what a computer virus is. A virus is a computer program that can move from one computer to another, either with your help or by attaching itself to some other program. These programs are usually malicious rather than beneficial; even those with no payload do harm because they consume system resources. Several classes of code fall under the category “virus”. Not all of them are strictly viruses in technical terms; some are worms and Trojan horses.
What is a computer worm?
Worms are self-replicating programs that do not infect other programs as viruses do. Instead, they create copies of themselves, which in turn create further copies, hogging memory resources and clogging the network. Worms are usually seen on networks and multiprocessing operating systems.
What is a Trojan horse?
Trojan horses are named after the mythical horse that delivered soldiers into the city of Troy. They are programs that act as delivery vehicles: they do something undocumented, something they conceal at the time of delivery. They disguise their real purpose behind an attractive one and ask the user to do something; when the user does it, actions are taken that the user does not want.
Slammer Worm: A glance at the facts
Slammer (sometimes called Sapphire) was the fastest computer worm in history. As it began spreading throughout the Internet, the worm infected more than 90 percent of vulnerable hosts within 10 minutes, causing significant disruption to financial, transportation, and government institutions and precluding any human-based response. In this seminar, I wish to describe how it achieved its rapid growth, dissect portions of the worm to study some of its flaws, and look at how effective defenses are against it and its successors.
Slammer began to infect hosts on Saturday, 25 January 2003, by exploiting a buffer-overflow vulnerability in computers on the Internet running Microsoft's SQL Server or Microsoft SQL Server Desktop Engine (MSDE) 2000. David Litchfield of Next Generation Security Software discovered this underlying indexing service weakness in July 2002; Microsoft released a patch for the vulnerability before the vulnerability was publicly disclosed. Exploiting this vulnerability, the worm infected at least 75,000 hosts, perhaps considerably more, and caused network outages and unforeseen consequences such as canceled airline flights, interference with elections, and ATM failures (see Figure 1).
Figure 1. The geographical spread of Slammer in the 30 minutes after its release. The diameter of each circle is a function of the logarithm of the number of infected machines, so large circles visually underrepresent the number of infected cases in order to minimize overlap with adjacent locations. For some machines, we can determine only the country of origin rather than a specific city.
Slammer's most novel feature is its propagation speed. In approximately three minutes, the worm achieved its full scanning rate (more than 55 million scans per second), after which the growth rate slowed because significant portions of the network had insufficient bandwidth to accommodate more growth. Although Stuart Staniford, Vern Paxson, and Nicholas Weaver had predicted rapid-propagation worms on theoretical grounds, Slammer provided the first real-world demonstration of a high-speed worm's capabilities. By comparison, Slammer was two orders of magnitude faster than the Code Red worm, which infected more than 359,000 hosts on 19 July 2001 and had a leisurely population doubling time of 37 minutes. While Slammer had no malicious payload, it caused considerable harm by overloading networks and disabling database servers. Many sites lost connectivity as local copies of the worm saturated...
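
The propagation-speed comparison above, worked through as an added example (not part of the original seminar text): it applies the simple logistic epidemic model for a random-scanning worm, which is an assumption here, to the host counts and the Code Red doubling time quoted above. The Slammer doubling time is assumed to be the Code Red figure divided by 100 ("two orders of magnitude"), each outbreak is assumed to start from a single host, bandwidth saturation is not modelled, and all function names are illustrative.

```python
import math

def growth_rate(doubling_time_s):
    """Early-phase exponential rate r (per second) for a given doubling time."""
    return math.log(2) / doubling_time_s

def infected_fraction(t_s, vulnerable, doubling_time_s, seeds=1):
    """Logistic model: fraction of the vulnerable population infected at time t."""
    c = (vulnerable - seeds) / seeds
    return 1.0 / (1.0 + c * math.exp(-growth_rate(doubling_time_s) * t_s))

def time_to_fraction(fraction, vulnerable, doubling_time_s, seeds=1):
    """Invert the logistic curve: seconds until `fraction` of hosts are infected."""
    c = (vulnerable - seeds) / seeds
    return math.log(c * fraction / (1.0 - fraction)) / growth_rate(doubling_time_s)

# Figures quoted in the text above.
CODE_RED_DOUBLING_S = 37 * 60
CODE_RED_HOSTS = 359_000
SLAMMER_HOSTS = 75_000
# Assumption: "two orders of magnitude faster" is taken as exactly 100x.
SLAMMER_DOUBLING_S = CODE_RED_DOUBLING_S / 100

def response_window(vulnerable, doubling_time_s, detect_at=0.01, saturate_at=0.90):
    """Seconds between detect_at infected (assumed point of first notice)
    and saturate_at infected: the time defenders have to react."""
    return (time_to_fraction(saturate_at, vulnerable, doubling_time_s)
            - time_to_fraction(detect_at, vulnerable, doubling_time_s))

if __name__ == "__main__":
    for name, hosts, td in (("Slammer", SLAMMER_HOSTS, SLAMMER_DOUBLING_S),
                            ("Code Red", CODE_RED_HOSTS, CODE_RED_DOUBLING_S)):
        t90 = time_to_fraction(0.90, hosts, td)
        win = response_window(hosts, td)
        print(f"{name:8s} 90% infected after {t90 / 60:7.1f} min, "
              f"1%->90% window {win / 60:6.1f} min")
```

Under these assumptions the model puts Slammer at 90 percent of vulnerable hosts in roughly seven minutes, consistent with the "within 10 minutes" figure above, and leaves under four minutes between 1 percent and 90 percent infection, against about six hours for Code Red.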