Slammer

Virus Encyclopedia

Welcome to the Virus Encyclopedia of Panda Security.

Slammer
Threat Level Damage Distribution


Common name:	Slammer
Technical name:	W32/SQLSlammer
Threat level:	Medium
Alias:	W32/SQLSlammer.Worm, W32/SQLSLAM-A, W32/SQLSLAMER.Worm, WORM_SQULP1434.A, DDOS_SQLP1434.A, Sapphire, W32.SQLExp.Worm, Worm.SQL.Helkern
Type:	Worm
Effects:	It launches denial of service attacks against computers running the application SQL Server by sending multiple copies of the worm to the port 1434.
Affected platforms:	Windows XP/2000/NT/ME/98/95
First detected on:	Jan. 25, 2003
Detection updated on:	March 20, 2006
Statistics	No

Brief Description

Slammer is a worm with the following characteristics:

It only attacks servers running the application SQL Server.
It carries out its infection by exploiting a buffer overrun vulnerability in SQL servers that do not have Service Pack 3 installed.
Its strategy involves sending out multiple 376-bytes files, which contain the worm's code. By doing this, it collapses corporate networks and causes a denial of service (DoS).

Basic advice for protecting your computer against this worm is to download the patch released by Microsoft.

Indications that Slammer has affected a computer are:

The traffic through UDP port 1434 (SQL Server Resolution Service Port) increases.
The server slows down or even blocks.