Group Estimates Slammer Damage at $1 Billion -- Redmondmag.com

Group Estimates Slammer Damage at $1 Billion

By Scott Bekker
01/30/2003

A U.K.-based security firm is estimating that economic damage from the SQL Slammer worm is already over $1 billion, making it the ninth most damaging malware attack yet in the firm's estimation.

MI2g released the billion-dollar estimate on Thursday, which was an upward revision of a figure the group released earlier in the week. "It has also jumped in ranking from number 13 a few days ago to number 9 in terms of the worst malware attacks recorded by the mi2g Intelligence Unit," an mI2g spokeswoman said in a statement.

By mI2g's reckoning, Klez and Love Bug have been the most damaging viruses or worms to date by a large margin. Klez caused between $8 billion and $9.9 billion in damage; Love Bug, between $7.8 billion and $9.6 billion. Coming in third is SQL Slammer's distant cousin, Code Red, at an estimated $2.4 billion to $2.9 billion in damage. Other members of the billion-dollar club, in order, are Yaha, SirCam, BugBear, Mafia Boy and Melissa.

SQL Slammer exploits a vulnerability in SQL Server 2000 and MSDE 2000 that was patched by Microsoft six months ago. It flooded the Internet with traffic starting early Saturday morning. Tens of thousands of hosts were infected. Although many servers were patched over the weekend, the problem resurfaced as users booted up desktop systems to start the work week.

The MSDE is installed in many desktop applications, including some versions of Office XP, Visual Studio, Visio, Visual FoxPro and many non-Microsoft products.

The memory-resident worm, also known as Sapphire and SQL Hell, caused denial of service conditions on some machines, while slowing the Internet generally, especially in the United States and South Korea. The worm did not carry a destructive payload.

The worm took advantage of vulnerabilities in the SQL Server Resolution Service, fixed on July 24, 2002, in a patch distributed with Microsoft Security Bulletin MS02-039. Microsoft's security team recommended that users update their systems with Microsoft Security Bulletin MS02-061, released in October, because the more recent patch is a cumulative patch that includes the fixes in MS02-039 and other critical fixes. SQL Server 2000 Service Pack 3, released Jan. 17, are protects systems from the flaw exploited by the worm.

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.

Featured

Cisco Warns of Brute Force Attacks Targeting VPNs and Firewalls

Cisco has revealed that a global increase in brute force attacks targeting Virtual Private Networks (VPNs) and other devices is currently taking place.
What's Inside Microsoft 365's Security Toolbox?

Microsoft provides plenty of native tools to secure Microsoft 365. IT pros just have to know where to look.
Microsoft Kills 30-Day Data Retention Policy for Copilot in Fabric

Microsoft this week announced several usability improvements coming to Copilot in Fabric in preparation of its general availability release later this year.
Using Microsoft Office to Build a Network Diagram 2

Now that we've set up our process, let's dig in with the actual execution.
Microsoft Graph 'Activity Logs' Feature Goes Live

Microsoft announced the general availability of the "activity logs" capability in Microsoft Graph, giving administrators more options to track user activity and identify patterns of potential misuse.