The search is on for the authors of the now infamous SQL Slammer; or Sapphire worm, one of the most devastating cyber attacks in recent history.
Almost 250,000 computers around the world were infected with the worm, which crashed servers, severed connections, and clogged the Internet with worm-related traffic over the Jan. 25 weekend.
On Feb. 7, ZDNet published a post-slammer assessment of the worm virus, and determined that it infected more than 90 per cent of vulnerable computers within 10 minutes, a new speed record for a cyber attack. At that rate they estimate that infected servers were making more than 55 million scans a second, searching for computers with Microsofts SQL database software, exploiting a vulnerability that was discovered last summer. Microsoft did have a patch for the software that would have prevented Slammer from spreading, but it seems that you have to do more these days than just make a patch available you have to let IT departments know that a patch exists and why its in their best interest to download it immediately.
Even Microsoft was caught with its patches down. Although Microsoft claims that the worm did not cause any major problems in-house, the fact that they were infected at all suggests that a better system is needed to keep software security up to date.
Now for the really mind-blowing numbers: Experts are suggesting that the worm caused between $950 million and $1.2 billion in lost productivity. While computers and networks did not blow up and no information was lost, the fact that the Internet was down for almost a whole weekend caused significant lost productivity.
The Klez virus still takes the cake, causing $9 billion in lost productivity. Second is the LoveLetter virus, with a total of $8 billion.
What was so menacing about the Slammer worm is the fact that it spread so quickly security experts classify it as a "Warhol" type worm, which means it could infect the entire Internet within 15 minutes. Thats twice as fast as the Code Red virus that infected 359,000 computers in 2001.
Another scary thing is that the authors of the worm didnt leave any calling cards that might help the authorities locate them. Before Slammer, worm writers were often caught because they left clues behind in the coding of the worm program that enabled officials to track them down. With nothing in Slammer to give the author or authors away, IT administrators have to worry that another weakness will be found and exploited.
It may be a coincidence, but the attacks happened almost a year after Microsoft announced its Trusthworth Computing program, making security the software giants main concern.