SQL (“Sequel”) Slammer
You may have heard about a new worm rampaging around the Internet called W32/SQLSlammer. Microsoft become aware of this worm on Saturday (25/01/2003).
It attacks Microsoft SQL Server 2000 and MSDE 2000 systems which are vulnerable to a particular software fault. This, in turn, causes the infected system to attack other systems which generates an immense amount of traffic. Across the internet this traffic is causing slowdowns and denial-of-service.
If you are running Microsoft SQL Server 2000 or MSDE 2000, you should look into this further. Microsoft has Service Packs available to fix this problem (and you can also block particular types of traffic at your internet firewall). For technical information, see http://vil.nai.com/vil/content/v_99992.htm and http://support.microsoft.com/kb/813440.
You probably know if you have SQL Server but you may have MSDE without realising it because it ships with many other programs, including Microsoft Office. Symantec has created a tool to tell you if your system is vulnerable to the software fault: http://securityresponse.symantec.com/avcenter/FixSQLex.exe. However, it can't “fix” your system. Only installing the patch is a full remedy.
The prevalence of this worm again highlights the fact that virus protection alone is not enough to protect systems from malicious programs. Software updates play an important part in correcting problems which may be exploited. Operating systems, web browsers, email and applications must all be kept up-to-date.
SQL Slammer will probably burn itself out and disappear soon (like CodeRed) and most users will be at a very low risk anyway; but please use the Symantec tool to determine your vulnerability even if you do nothing else. SQL Slammer is somewhat harmless but history has shown that new, more potent viruses always follow after initial attacks.