"Sapphire" - "SQL Slammer" Worm

You may have noticed your server may have been unreachable Saturday (02/02/03) morning. A Malicious worm (named "Sapphire" / "SQL Slammer" worm ) was attacking Microsoft Windows Machines running SQL Server 2000 on all the major backbone providers. W32.SQLExp.Worm is a Category 3 worm that targets servers
running Microsoft SQL. The worm sends 376 bytes to port 1434/udp (the SQL Server Resolution Service Port). The virus-like attack, which began about 12:30 a.m. EST, sought out vulnerable computers on the Internet to infect using a known flaw in the database software from Microsoft Corp., SQL Server 2000. But the attacking software was scanning for victim computers so randomly and so aggressively - sending out thousands of probes a second - that it saturated many Internet data pipelines. We blocked UDP port 1434 in our firewall at 12:45 a.m., but due to the large number of packets it sends out, the worm has the unintended payload of performing a Denial of Service Attack on several large networks. The issue is now resolved by our network
provider UUNET and your server should be running fine now.

You can read more about the issue at the following URLs:

Article One

Article Two

Article Three

Article Four

Article Five


Thank you for your patience.
 
E-Mail Us!