BBC NEWS Americas Africa Europe Middle East South Asia Asia Pacific
BBCi NEWS   SPORT   WEATHER   WORLD SERVICE   A-Z INDEX     

BBC News World Edition
 You are in: Technology  
News Front Page
Africa
Americas
Asia-Pacific
Europe
Middle East
South Asia
UK
Business
Entertainment
Science/Nature
Technology
Health
-------------
Talking Point
-------------
Country Profiles
In Depth
-------------
Programmes
-------------
BBC Sport
BBC Weather
SERVICES
-------------
EDITIONS
Monday, 3 February, 2003, 11:35 GMT
Aggressive net bug makes history
Computer technician in South Korea
Technicians raced to repair infected systems
The Slammer worm that recently crippled the internet was the fastest spreading computer bug in history, say security experts.

An analysis of the attack has shown that the worm took just 10 minutes to spread across the world.

At its peak on 25 January, the malicious code caused scattered slowdowns in net traffic and effectively shut down the internet in South Korea, the world's most wired country.

The experts said the attack marked a "significant milestone in the evolution of computer worms," warning that these sorts of bugs "should be considered a standard tool in the arsenal of an attacker".

Fast-moving

The analysis published by the Cooperative Association for Internet Data Analysis (CAIDA) provides an insight into how fast the Slammer worm, also called Sapphire, spread across the internet.

The malicious code first appeared on the net around 0530 GMT on Saturday 25 January.

Technician in South Korea
Bug affected servers running Microsoft SQL software
The bug targeted a known flaw in Microsoft's SQL database software affecting servers rather than home computers and clogged up internet pipelines.

As it began spreading, it doubled in size every 8.5 seconds. Within 10 minutes it had infected more than 90% of vulnerable hosts, said the experts.

At its peak, achieved approximately three minutes after it was released, Slammer was carrying out 55 million scans per second across the internet.

Fortunately the bug did not contain a malicious payload - a set of computer commands designed to harm a machine.

Instead once the worm infected a server, it would send out multiple data requests in a random manner to other internet addresses, looking for more computers to infect.

Aggressive scanning

Slammer infected at least 75,000 hosts, perhaps considerably more said the experts, and caused network outages and such unforeseen consequences as cancelled airline flights and problems with cash machines.

It clearly demonstrates that fast worms are not just a theoretical threat, but a reality

CAIDA report
The worm spread twice as fast as the Code Red virus that affected 300,000 computers in July 2001.

The speed of infection was part of the reason why the bug had such a major impact in such a short time.

This was because Slammer contained a simple, fast scanner to find vulnerable machines in a small worm with a total size of only 376 bytes.

By using an internet protocol called UDP, it was able to aggressively send these scans without requiring an answer from the potential victim.

"Though very simple, Sapphire represents a significant milestone in the evolution of computer worms," said the report.

"Although it did not contain a destructive payload, Sapphire spread worldwide in roughly 10 minutes causing significant disruption of financial, transportation, and government institutions.

"It clearly demonstrates that fast worms are not just a theoretical threat, but a reality - one that should be considered a standard tool in the arsenal of an attacker," said the experts.

The report was put together by David Moore and Stefan Savage of the University of San Diego Department of Computer Science and Engineering, Vern Paxson of the ICSI Center for Internet Research in California, Colleen Shannon of CAIDA, and Stuart Staniford and Nicholas Weaver of computer security firm Silicon Defense.

See also:

27 Jan 03 | Technology
27 Jan 03 | Technology
26 Nov 02 | Technology
31 Jan 03 | Technology
Internet links:


The BBC is not responsible for the content of external internet sites

Links to more Technology stories are at the foot of the page.


 E-mail this story to a friend

Links to more Technology stories

© BBC ^^ Back to top

News Front Page | Africa | Americas | Asia-Pacific | Europe | Middle East |
South Asia | UK | Business | Entertainment | Science/Nature |
Technology | Health | Talking Point | Country Profiles | In Depth |
Programmes