Close
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home IT Management
    • IT Management

    Slammer Source Code Provides Clues

    By
    Dennis Fisher
    -
    January 27, 2003
    Share
    Facebook
    Twitter
    Linkedin

      As corporate IT departments go about the business of cleaning up their networks, there are strong indications that the SQL Slammer worm that brought down portions of the Internet over the weekend is based on the work of an obscure Chinese cracking group.

      Signatures within the worms source code indicate that a group known as the Honker Union of China—also known as the Hacker Union of China—may be responsible for writing the code, according to security experts who have analyzed the code. However, experts caution that although they are certain of the codes origins, someone else may have actually loosed the worm on the Internet.

      “Were 100 percent certain this was based on the CNHonker code,” said Chris Rouland, director of the X-Force research team at Internet Security Systems Inc., in Atlanta. “But that doesnt mean they released it.”

      Although the Honker Union has not yet claimed responsibility for the worm, it has posted on its Web site in the past several versions of an exploit for the vulnerability used by Slammer. The group has been quite active in pro-Chinese and anti-American hacking activity in the past and was involved in a U.S.-Chinese cyber-skirmish that erupted in early 2001.

      The worm did most of its damage in Asia, particularly South Korea, which was effectively taken off the Internet for several hours Saturday. And some experts have pointed out that the Slammer worm was released on the anniversary of a major offensive in the Korean War that began pushing back Communist Chinese forces that had penetrated South Korea.

      Despite the possible political motivations behind the worms release, White House security officials downplayed the idea that this was an act of terrorism.

      “Wed rather characterize terrorism as something that physically kills people,” said Marcus Sachs, director of communications infrastructure protection in the Office of Cyberspace Security in Washington. “There was no lasting damage done to the infrastructure. Wed like to see the term cyber-terror dropped.”

      Page Two

      : Slammer Source Code Provides Clues”>

      The worm, known variously as Slammer and Sapphire, hit the Internet around 12:30 a.m. Eastern on Saturday and began spreading quickly. Within the first hour, it had infected more than 50,000 machines, Rouland said. It continued to spread throughout the day Saturday and has now found its way into more than 200,000 machines, experts say. Its infection rate was much faster than the Code Red worm of 2001, even though there are far fewer SQL servers on the Internet than there are Web servers running the Microsoft Corp. IIS software that Code Red attacked.

      But, while Code Red continued to spread for several days, Slammer was contained relatively quickly. The shorter life-cycle is due to several factors, but much of it has to do with quick reactions from ISPs and large network operators who all agreed to block traffic on port 1434, which is the port Slammer uses to infect machines. This kind of wholesale filtering is virtually unheard of and would not have been possible with Code Red. Also, government agencies reacted much more quickly to Slammer than they did to previous attacks, thanks mainly to experience and help from private-sector security firms.

      “There was quite a bit of activity going on here,” said Sachs. “We first saw it, I think at the [National Communications System] at about 1 a.m., and by 3 a.m. or 4 a.m. everyone who needed to know was out of bed and notified.”

      Others agreed that the cooperation among the various ISACs, government agencies and private firms was key to the worms containment.

      “I was the first one to call the [National Infrastrucutre Protection Center] and that was at about 3:45 a.m., and we had a pretty good handle on the analysis by then,” said Pete Allor, director of operations for the Information Technology Information Sharing and Access Center and manager of the threat intelligence service at ISS. “We had the packet captures early, and the analysis was pretty straightforward. We talked to the Financial Services ISAC, [and] worked closely with the telecom folks, all of them.”

      Dennis Fisher

      MOST POPULAR ARTICLES

      Big Data and Analytics

      Alteryx’s Suresh Vittal on the Democratization of...

      James Maguire - May 31, 2022 0
      I spoke with Suresh Vittal, Chief Product Officer at Alteryx, about the industry mega-shift toward making data analytics tools accessible to a company’s complete...
      Read more
      Cybersecurity

      Visa’s Michael Jabbara on Cybersecurity and Digital...

      James Maguire - May 17, 2022 0
      I spoke with Michael Jabbara, VP and Global Head of Fraud Services at Visa, about the cybersecurity technology used to ensure the safe transfer...
      Read more
      Applications

      Cisco’s Thimaya Subaiya on Customer Experience in...

      James Maguire - May 10, 2022 0
      I spoke with Thimaya Subaiya, SVP and GM of Global Customer Experience at Cisco, about the factors that create good customer experience – and...
      Read more
      Cloud

      IGEL CEO Jed Ayres on Edge and...

      James Maguire - June 14, 2022 0
      I spoke with Jed Ayres, CEO of IGEL, about the endpoint sector, and an open source OS for the cloud; we also spoke about...
      Read more
      Cloud

      Yotascale CEO Asim Razzaq on Controlling Multicloud...

      James Maguire - May 5, 2022 0
      Asim Razzaq, CEO of Yotascale, provides guidance on understanding—and containing—the complex cost structure of multicloud computing. Among the topics we covered:  As you survey the...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2022 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×