Dive Brief:
-
SQL Slammer, a computer worm that first appeared in January 2003, is back, according to Check Point, which detected a massive increase in the number of Slammer attack attempts between Nov. 28 and Dec. 4, 2016.
-
The sudden spike made SQL Slammer among the top malware detected in that timeframe, as the worm attacked targets in 172 countries.
-
SQL Slammer "exploits a buffer overflow vulnerability in Microsoft SQL Server 2000 or MSDE 2000" creating a denial of service-type environment with network packets flooding servers and routers, according to Checkpoint.
Dive Insight:
When SQL Slammer appeared in 2003 it launched a DDoS attack in which more than 75,000 networks were overloaded in about 10 minutes. Microsoft patched the worm back in 2003, so security experts are a bit baffled by why its suddenly emerged once again.
The incident serves as yet another reminder that though attack vectors may change, they never really go away. Cybercriminals may have sought to catch people and businesses off-guard by going back to an old bug many had since forgotten about.
Worms are particularly dangerous because they are programmed to spread malware automatically without human intervention.