Welcome to the Virus Encyclopedia of Panda Security.
Alias: W32/SQLSlammer.Worm, W32/SQLSLAM-A, W32/SQLSLAMER.Worm, WORM_SQULP1434.A, DDOS_SQLP1434.A, Sapphire, W32.SQLExp.Worm, Worm.SQL.Helkern

It launches denial of service attacks against computers running SQL Server by sending multiple copies of itself to port 1434.
First detected on: Jan. 25, 2003
Detection updated on: March 20, 2006
Slammer is a worm with the following characteristics:
- It only attacks servers running SQL Server.
- It infects by exploiting a buffer overrun vulnerability in SQL servers that do not have Service Pack 3 installed.
- Its strategy involves sending out multiple 376-byte files, which contain the worm's code. By doing this, it collapses corporate networks and causes a denial of service (DoS).
Basic advice for protecting your computer against this worm is to download the patch released by Microsoft.
Indications that Slammer has affected a computer are:
- Traffic through UDP port 1434 (the SQL Server Resolution Service port) increases.
- The server slows down or even stops responding.
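
A small detector for the first indication above, added here as an example (it is not Panda Security's code): it flags sources that send bursts of UDP port 1434 traffic to many destinations and counts how many datagrams match the 376-byte size given on this page. The flow-record layout, the thresholds and the sample records are assumptions constructed for illustration.

```python
from collections import defaultdict

SLAMMER_PORT = 1434    # SQL Server Resolution Service port (from the page)
SLAMMER_SIZE = 376     # size of each worm copy in bytes (from the page)
WINDOW_SECONDS = 10    # assumption: width of each counting window
MIN_PACKETS = 5        # assumption: packets per window that count as a burst
MIN_DESTINATIONS = 4   # assumption: distinct targets per window

# Constructed sample records:
# (epoch_seconds, src, dst, protocol, dst_port, payload_bytes)
SAMPLE_FLOWS = (
    # One internal host spraying 376-byte datagrams at six different targets.
    [(1000 + i, "10.0.0.5", f"198.51.100.{i + 1}", "udp", 1434, 376)
     for i in range(6)]
    # A normal client asking one SQL server for its instance list.
    + [(1001, "10.0.0.9", "10.0.0.20", "udp", 1434, 1),
       (1004, "10.0.0.9", "10.0.0.20", "udp", 1434, 1),
       # Ordinary SQL traffic on TCP 1433, which the detector ignores.
       (1002, "10.0.0.7", "10.0.0.20", "tcp", 1433, 60)]
)


def find_suspect_sources(flows, window=WINDOW_SECONDS,
                         min_packets=MIN_PACKETS, min_dsts=MIN_DESTINATIONS):
    """Return one alert per (source, window) that bursts UDP/1434 at many hosts."""
    buckets = defaultdict(lambda: {"packets": 0, "dsts": set(), "sized": 0})
    for ts, src, dst, proto, dport, size in flows:
        if proto != "udp" or dport != SLAMMER_PORT:
            continue
        bucket = buckets[(src, int(ts) // window)]
        bucket["packets"] += 1
        bucket["dsts"].add(dst)
        bucket["sized"] += int(size == SLAMMER_SIZE)

    alerts = []
    for (src, win), bucket in sorted(buckets.items()):
        if bucket["packets"] >= min_packets and len(bucket["dsts"]) >= min_dsts:
            alerts.append({
                "src": src,
                "window_start": win * window,
                "packets": bucket["packets"],
                "destinations": len(bucket["dsts"]),
                "slammer_sized": bucket["sized"],  # datagrams of exactly 376 bytes
            })
    return alerts


if __name__ == "__main__":
    for alert in find_suspect_sources(SAMPLE_FLOWS):
        print(alert)
```

A source that appears in the alerts with a high `slammer_sized` count is a candidate for isolation and patching; the thresholds should be tuned against the site's normal UDP 1434 baseline.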