Fact-checked by Grok 2 weeks ago

SQL Slammer

The , also known as Sapphire, was a highly virulent that exploited a vulnerability in 2000 and Microsoft Desktop Engine (MSDE) 2000 resolution service, allowing it to propagate via a single 404-byte packet sent to port 1434. First detected on January 25, 2003, at approximately 05:30 UTC, the worm contained no destructive payload beyond its mechanism, which relied on random scanning to identify and infect unpatched systems without requiring any user interaction or response from the target. Notable for its unprecedented speed, SQL Slammer doubled its infected host count every 8.5 seconds on average, achieving a peak scanning rate of over 55 million probes per second and infecting approximately 90% of vulnerable machines—estimated at over 75,000 hosts—within just 10 minutes of outbreak. This bandwidth-limited propagation, in contrast to latency-bound worms like , overwhelmed global networks, generating a significant portion of at its height and causing widespread denial-of-service disruptions. The vulnerability it targeted had been publicly disclosed and patched by in July 2002 via Security Bulletin MS02-039, with an updated patch released in October 2002, yet many systems remained unpatched due to administrative oversights. The worm's impact extended far beyond mere infection, triggering cascading failures in : it led to the shutdown of networks, cancellation of flights (including at major hubs like London's Heathrow), disruption of services in several U.S. regions, and interference with online elections in South Korea. In one high-profile case, it infiltrated the corporate of the Davis-Besse Station in , disabling safety monitoring systems for nearly five hours and highlighting vulnerabilities in industrial control systems that were connected to the via an unauthorized link. No or long-term damage to infected systems was reported, but the event underscored the risks of unpatched software in interconnected environments, prompting to re-release patches and emphasize proactive security measures.

Introduction

Overview

The SQL Slammer worm, also known as Sapphire, is a computer worm that targeted systems running Microsoft SQL Server 2000 and Microsoft Desktop Engine (MSDE) 2000 by exploiting a buffer overflow vulnerability in their resolution service. The worm consisted of an exceptionally compact 376-byte payload, with no destructive or malicious components beyond its code for self-replication, making its propagation the sole objective. This minimalist design allowed for extremely efficient transmission via UDP packets totaling 404 bytes including headers, bypassing the need for TCP handshakes that slowed earlier worms. Released slightly before 05:30 UTC on January 25, 2003, SQL Slammer achieved unprecedented propagation speed, doubling its infections every 8.5 seconds in the initial phase and compromising over 90% of vulnerable hosts within 10 minutes. It ultimately infected at least 75,000 servers worldwide, with a lower bound of 74,856 distinct IP addresses observed in the first 30 minutes alone. Infected hosts scanned randomly for new targets at an average rate of 4,000 attempts per second, peaking at 26,000 per second on individual machines, which collectively drove global scan rates to over 55 million per second and saturated networks with up to 10% of total at its height. SQL Slammer emerged amid the early 2000s epidemic of internet worms, succeeding threats like in —which infected around 359,000 hosts but doubled only every 37 minutes—and , which relied on larger payloads and slower multi-vector spreading. Unlike its predecessors, Slammer's UDP-based, uniform scanning mechanism and tiny size enabled it to outpace them dramatically, marking it as a landmark in evolution for demonstrating how minimal code could overwhelm global infrastructure.

Discovery and Initial Release

The SQL Slammer worm, also known as Sapphire, exploited a vulnerability in 2000 and Microsoft Desktop Engine (MSDE) 2000 that had been publicly disclosed six months earlier. Security researcher David Litchfield identified the flaw during a and reported it to on July 4, 2002, leading to the release of patch MS02-039 on July 24, 2002. Despite the availability of the patch, many systems remained unpatched, setting the stage for the worm's rapid emergence. The worm began infecting hosts slightly before 05:30 UTC on , , originating from an unknown source, possibly a developer's test environment where it escaped during testing. Early infections were particularly severe in , identified as the epicenter of the initial outbreak, though investigators traced activity beyond its borders. Network monitoring tools at organizations like the Cooperative Association for Internet Data Analysis (CAIDA) and NetScout quickly detected the anomaly, observing a surge in unsolicited packets targeting port 1434, the resolution service port for SQL Server instances. In its initial phase, the worm's propagation was extraordinarily fast due to its minimalist design: a self-contained 376-byte that required no or , simply scanning random addresses for vulnerable hosts. It doubled the number of infected hosts every 8.5 seconds on average, achieving a peak scanning rate of over 55 million probes per second across the within approximately . This undirected, random scanning—lacking any targeting logic or beyond replication—prevented immediate attribution to a specific or location, allowing the worm to infect over 90% of vulnerable systems worldwide in under 10 minutes before network congestion began to limit its growth.

Technical Details

Vulnerability Exploited

The SQL Slammer worm exploited a buffer overflow vulnerability in the Microsoft SQL Server Resolution Service, which listens on UDP port 1434 for client requests to identify the port number of SQL Server instances running on a target machine. This service processes incoming queries using the SQL Server Resolution Protocol (SSRP), but a flaw in its handling of oversized or malformed packets allowed attackers to overwrite adjacent memory regions, leading to either a stack-based or heap-based overflow that could enable arbitrary code execution. The permitted remote code execution without requiring or user interaction on the target system; a single, specially crafted 404-byte packet (containing a 376-byte ) could trigger the and inject malicious code, granting the attacker full control over the compromised server. Specifically, packets beginning with the byte 0x04 could cause a by copying data beyond buffer boundaries into the call stack, while those starting with 0x08 targeted the heap, both scenarios allowing memory manipulation sufficient for . SQL Slammer specifically exploited the variant. Security researcher David Litchfield of Next Generation Security Software Ltd. discovered the flaws and privately notified on May 17, 2002, following responsible disclosure practices. publicly acknowledged the issue and released patch MS02-039 on July 24, 2002, which addressed the handling in the ssnetlib.dll library to prevent overflows. Litchfield then published full technical details, including proof-of-concept exploit code, on the BugTraq mailing list on July 25, 2002, to raise awareness. The affected products included SQL Server 2000 across all service packs and the Desktop Engine (MSDE) 2000, a lightweight version of SQL Server often embedded in third-party applications without administrators' knowledge. Systems were particularly at risk because the Resolution was enabled by default on port 1434, which was exposed to the in many configurations, especially on servers with dynamic or non-standard SQL ports. Despite the availability of the patch, adoption remained low in the intervening months, leaving a significant number of installations vulnerable due to patching challenges in enterprise environments and oversight of MSDE deployments.

Propagation Mechanism

Upon infection, the SQL Slammer worm executes its compact code directly in memory, immediately beginning the propagation process by generating random 32-bit addresses using a seeded by the system's tick count via the function GetTickCount. The worm then constructs and sends identical packets containing the 376-byte payload (totaling bytes including headers) to port 1434 on these randomly selected targets, exploiting the Resolution to trigger a and replicate itself without requiring any response or from the victim host. This self-propagation cycle is driven by the infected host running the worm's assembly code in a tight loop (utilizing multiple sockets), performing continuous scanning and packet transmission to maximize infection attempts without significant delays. Each successful infection on a vulnerable system repeats the exact process, creating a feedback loop that amplifies the number of active propagators exponentially. The worm performs no writes to the file system and maintains no persistence mechanism beyond RAM, allowing it to operate transiently and evade detection through disk-based forensics while relying on the stateless nature of UDP for rapid, low-overhead delivery that often circumvents firewalls configured to block TCP connections. The scanning efficiency stems from its uniform random selection of target IP addresses across the entire 32-bit space, avoiding preferential targeting and enabling broad, unpredictable coverage that fuels fast geometric growth. Infected hosts could generate up to 26,000 scans per second, saturating typical 100-Mbps network interfaces and consuming peak bandwidth of approximately 75-100 Mbps per host, though higher rates were possible on faster hardware, contributing to the worm's ability to infect over 90% of vulnerable systems within 10 minutes. Reflecting its minimalist design, the worm's 376-byte contains only essential logic—a flawed linear congruential for IP selection, socket creation via ws2_32.dll, and packet transmission routines—with no backdoor functionality, capabilities, or additional payloads, prioritizing sheer replication speed over complexity.

Impact

Immediate Network Effects

The SQL Slammer worm generated a massive volume of unsolicited packets during its propagation, creating a distributed denial-of-service (DDoS)-like effect that flooded networks worldwide. Infected hosts collectively produced scanning traffic at a peak rate exceeding 55 million packets per second, saturating on backbones and edge networks. This flooding led to widespread , with global rates approaching 20% shortly after the worm's release at approximately 12:30 a.m. on , 2003, compared to a normal baseline below 1%. The intense packet storm overwhelmed routers and switches, causing numerous hardware failures and service disruptions. routers, in particular, experienced crashes due to the high ingress rates, with reports of devices rebooting or entering failure states under the load. This contributed to continental-scale blackouts, such as near-total shutdowns in —where up to 70% of online users were affected for nearly half a day—and widespread network failures across parts of and . The worm's rapid saturation of vulnerable hosts exacerbated these effects, infecting over 90% of susceptible systems within 10 minutes of activation, with measurements identifying at least 74,856 distinct infected IP addresses globally. As infection rates peaked and fewer uninfected targets remained, scanning traffic volumes declined sharply, reducing the overall flood intensity after about three minutes at maximum. Estimates of total infected servers ranged from 75,000 to 200,000, primarily those running unpatched 2000. While the worm itself caused no direct or deletion on infected machines, its flooding resulted in collateral service denials, including temporary outages for reliant on stable connectivity. Observations from the Cooperative Association for Internet Data Analysis (CAIDA) and other monitoring efforts confirmed these spikes in anomalous UDP traffic on port 1434, highlighting the worm's role in amplifying global performance degradation without targeting specific victims.

Affected Sectors and Regions

The SQL Slammer worm caused severe disruptions across multiple regions, with experiencing the most intense impacts due to its high internet penetration at the time. The outbreak led to widespread outages in the country's high-speed and mobile networks, affecting an estimated 27 million users and halting online access for up to 12 hours in many areas, which equated to over half of 's subscribers being unable to connect. Broader effects rippled through the , , and other parts of , where slowed global internet traffic and triggered localized service interruptions. In the transportation sector, the worm's network overloads crippled critical systems, forcing airlines like to abandon automated processes and revert to manual operations using and pens, resulting in flight delays and cancellations across their network. Similar issues affected other carriers, including , where booking and reservation systems failed, exacerbating travel chaos during peak weekend hours. Financial services faced significant downtime, particularly at , where the worm overwhelmed servers and rendered approximately 13,000 ATMs inoperable for much of the day, preventing cash withdrawals and disrupting customer access to funds across the U.S. and military infrastructure also suffered. Academic and consumer sectors reported additional fallout, with university networks like that of the affected by Slammer traffic; intrusion detection tools were used to detect and mitigate the anomalous packets. Economically, the worm's disruptions resulted in estimated between $750 million and $1.2 billion globally, driven primarily by lost productivity, system recovery efforts, and operational rather than any malicious capable of theft or direct financial harm.

Response and Mitigation

Patching and Containment Efforts

responded to the SQL Slammer worm by issuing a public statement on January 25, 2003, identifying the threat as targeting unpatched SQL Server 2000 and Desktop Engine (MSDE) 2000 systems. The company reiterated the urgency of applying the MS02-039 security patch, originally released in July 2002 to address the underlying vulnerability in the SQL Server Resolution Service, and provided an updated version with a simplified installer to facilitate rapid deployment. Additionally, offered free through its Product Support Services hotline and directed users to a dedicated security webpage with deployment guidance and tools. To contain the worm's propagation, network administrators and security teams focused on blocking port 1434, the port used by the SQL Server Resolution Service for the worm's scanning and attempts, at firewalls and border routers. This measure effectively prevented inbound and outbound traffic associated with the exploit, minimizing further spread without broadly disrupting legitimate SQL operations in secured environments. Intrusion detection systems (IDS) were also deployed to monitor and filter the characteristic scan traffic, allowing real-time identification and blocking of infected hosts attempting random probes. Cleanup of infected systems proved straightforward due to the worm's memory-resident nature, requiring no file modifications or persistent artifacts. Restarting affected SQL servers evicted the worm from RAM, restoring normal functionality in most cases, though unpatched systems risked rapid reinfection if reconnected to the network. Community efforts played a critical role in containment, with the (CERT/CC) issuing Incident Note IN-2003-03 and Advisory CA-2003-04 shortly after the worm's detection on January 25, 2003, providing detailed analysis, propagation details, and protective recommendations to global responders. Major Internet service providers (ISPs), including and , swiftly implemented and port-blocking filters to throttle UDP 1434 traffic across their networks, reducing congestion and aiding recovery in affected regions. Patch adoption prior to the worm's outbreak was notably low, contributing to the rapid infection of tens of thousands of hosts. In the aftermath, organizations accelerated patching efforts, driven by the demonstrated reinfection risks and coordinated guidance, significantly curbing threats.

Long-term Security Lessons

The SQL Slammer worm, also known as , underscored the critical need for a cultural shift toward proactive patching in organizational security practices. Despite releasing a for the underlying vulnerability in SQL Server 2000 on July 24, 2002, many systems remained unpatched by January 2003, allowing the worm to spread rapidly and infect over 75,000 vulnerable hosts worldwide. This incident highlighted the dangers of delayed updates, prompting corporations to revise policies for timely , including the establishment of centralized patch deployment teams and automated testing protocols to minimize deployment risks. As a result, enterprises increasingly adopted risk-based patching strategies, prioritizing high-impact vulnerabilities in database software to prevent similar outbreaks. In network design, SQL Slammer's reliance on UDP port 1434 for propagation emphasized the importance of enhanced filtering and traffic controls to mitigate worm amplification. The worm's ability to generate up to 55 million scans per second overloaded networks, demonstrating how unfiltered UDP traffic could amplify denial-of-service effects even without direct host compromise. Security experts subsequently advocated for ingress and egress firewall rules to block unnecessary UDP ports, rate limiting on border routers, and network segmentation to isolate database servers from public-facing infrastructure. These measures, including dedicated machines for UDP services and quality-of-service prioritization for administrative traffic, became standard recommendations to reduce the blast radius of future self-propagating malware. The worm's unprecedented speed—doubling its infection rate every 8.5 seconds and saturating 90% of vulnerable hosts within 10 minutes—inspired significant advancements in cybersecurity research on propagation models. CAIDA's collaborative analysis with institutions like UC San Diego and ICSI provided empirical data on random scanning techniques, leading to refined mathematical models for predicting worm spread in large-scale networks. This work contributed to the development of early malware simulation tools, such as those simulating uniform random scans, which informed defensive strategies like early detection via anomaly-based intrusion systems. Ongoing studies built on these findings to model hybrid worm behaviors, enhancing preparedness for fast-spreading threats. SQL Slammer's infection of , notably disabling safety monitoring systems at the Davis-Besse for nearly five hours due to an unpatched server, prompted heightened regulatory scrutiny and audits. The incident, which bypassed firewalls via a contractor's T1 line, led to a congressional inquiry by Rep. Edward Markey, questioning the Nuclear Regulatory Commission's (NRC) oversight of cybersecurity in nuclear facilities. In response, the NRC issued Information Notice 2003-14, alerting all licensees to similar risks and initiating pilot studies at four plants to develop cybersecurity guidelines in collaboration with the Nuclear Energy Institute. This event influenced broader standards for patch management in , emphasizing mandatory vulnerability assessments and automated update mechanisms to safeguard . As a legacy, SQL Slammer served as a pivotal for database , revealing the low barrier to entry for crafting efficient —its entire fit in a 404-byte packet—without requiring complex exploits or payloads. This simplicity exposed flaws in perimeter-based defenses, driving the adoption of defense-in-depth principles, including regular vulnerability scanning tools like Microsoft's Baseline Security Analyzer. The event reinforced the necessity for zero-trust architectures by illustrating how internal unpatched systems could propagate threats laterally, influencing modern practices that assume breach and verify all access rigorously. Overall, it catalyzed a toward continuous monitoring and resilient infrastructure design in enterprise environments.

References

  1. [1]
    [PDF] Inside the slammer worm - UCSD CSE
    Aug 1, 2001 · Slammer (sometimes called Sapphire) was the fastest computer worm in history. As it began spreading throughout the Internet, the worm.Missing: impact | Show results with:impact
  2. [2]
    The Spread of the Sapphire/Slammer Worm - CAIDA
    The Sapphire Worm was the fastest computer worm in history. As it began spreading throughout the Internet, it doubled in size every 8.5 seconds.Introduction · Sapphire: A Random... · Why Sapphire Was So FastMissing: impact | Show results with:impact
  3. [3]
    Microsoft Statement on the "Slammer" Worm Attack - Source
    Jan 25, 2003 · A worm, named Sapphire or Slammer, was targeting computers running Microsoft SQL Server 2000 and MSDE 2000 systems.
  4. [4]
    Microsoft Security Bulletin MS02-039 - Critical
    Note: The patch released with this bulletin is effective in protecting SQL Server 2000 and MSDE 2000 against the "SQL Slammer" worm virus. However, this ...
  5. [5]
    Slammer Worm and David-Besse Nuclear Plant - Stanford
    Jul 16, 2015 · One of the greatest effects of the Slammer worm, which wreaked havoc worldwide by clogging Microsoft servers, occurred at a nuclear plan in Ohio ...Missing: impact | Show results with:impact
  6. [6]
    [PDF] Let's Slam SQL: The Slammer Worm and Lessons Learned
    Mar 20, 2003 · It did, however, cause serious damage by making use of as much bandwidth as possible in order to scan other systems. It also had the unfortunate ...
  7. [7]
    [PDF] David Litchfield - hat briefings
    Unauthenticated SYSTEM compromise of Microsoft's SQL Server 2000. David Litchfield. (david@ngssoftware.com). 4th July 2002 www.ngssoftware.com.Missing: disclosure MS02- 039
  8. [8]
    Remembering SQL Slammer - NetScout Systems
    Jan 27, 2023 · SQL Slammer was a 376-byte UDP worm that rapidly infected ~75K SQL servers, causing a near internet meltdown by saturating networks.Missing: technical size
  9. [9]
    Internet Recovering From Slammer - eWeek
    Jan 25, 2003 · Meanwhile, investigators at the epicenter of the attack in South Korea said they had traced the origin of the worm beyond that countrys borders.
  10. [10]
    'Microsoft SQL Server 2000 Unauthenticated System Compromise ...
    Jul 25, 2002 · For more information about buffer overflows please read http://www.ngssoftware.com/papers/ntbufferoverflow.html http://www.ngssoftware.com ...
  11. [11]
    SQL Slammer – 10 years Later - Secureworks
    On January 25, 2003, the first reports of a new worm began to emerge. The rapid spread of Slammer, which at 376 bytes is small enough to fit in a single tiny ...Missing: Korea | Show results with:Korea
  12. [12]
    Laborious Updates Leave SQL Databases Unpatched - eWeek
    Feb 3, 2003 · The Redmond, Wash., developer released last July patch MS02-039 to fix a known vulnerability in its SQL Server database and wrapped it into ...
  13. [13]
    [PDF] SQL Slammer Worm - GIAC Certifications
    Apr 7, 2003 · The worm infects a victim machine and uses that machine to propagate itself to other machines through the network.
  14. [14]
    https://www.cert.org/historical/advisories/ca-2003-04.cfm
  15. [15]
    [PDF] MS SQL Slammer/Sapphire Worm - GIAC Certifications
    Jun 6, 2003 · Slammer's method of spreading is by random scanning IP addresses to infect, and finding all vulnerable hosts. The scanning produces a large ...
  16. [16]
    [PDF] Analysis of the “SQL Slammer” worm and its effects on Indiana ...
    By randomly creating packets with destination IPs in the multicast address space the SQL Slammer worm caused this state to increase by an order of magnitude.
  17. [17]
    Update: Slammer worm slugs Internet, slows Web traffic
    Jan 25, 2003 · A new worm that has been attacking a known vulnerability in Microsoft SQL 2000 Web servers and that has been slowing down or halting Internet ...Missing: 10-20% Cisco routers
  18. [18]
    'Slammer' Worm Slows Global Internet Traffic - China.org
    Experts called it the most damaging attack on the Internet in 18 months as networks across Asia, Europe and America were effectively shut down. Even though ...
  19. [19]
    Flashback Friday: SQL Slammer - WeLiveSecurity
    Sep 30, 2016 · On Saturday 25 th January 2003, the internet was hit by a rapacious computer worm now known as SQL Slammer. Spreading like wildfire over the internet via a bug ...
  20. [20]
    The 10 Most Destructive PC Viruses of All Time | CRN
    Jul 7, 2006 · However, it hit 500,000 servers worldwide, and actually shut down South Korea's online capacity for 12 hours. SQL Slammer, also known as ...
  21. [21]
    South Korea falls victim to Internet worm - The Irish Times
    Jan 26, 2003 · Authorities in South Korea issued a security alert today against a fast-spreading computer "worm" that prompted major delays in global web ...Missing: infection | Show results with:infection<|control11|><|separator|>
  22. [22]
    Slammer - The Virus Encyclopedia - Wikidot
    Continental Airlines resorted to pens and paper to record reservations and tickets. The airline had to delay and cancel some flights, though no delays lasted ...Missing: Airways | Show results with:Airways
  23. [23]
    Counting the cost of Slammer - CNET
    Jan 31, 2003 · Many security experts argue, however, that while SQL Slammer is easier to clean up, the worm was worse overall than Code Red--which attacked ...
  24. [24]
    "Slammer" worm chokes the internet | New Scientist
    Jan 27, 2003 · In the US, the worm disrupted the Bank of America's computer systems rendering most of its 13,000 ATM cash point machines unusable. Phil Huggins ...
  25. [25]
    "SQL Slammer" Worm Races through Internet; Hits Online Banking ...
    Feb 4, 2003 · "SQL Slammer" Worm Races through Internet; Hits Online Banking, ATMs ... But Bank of America said about 13,000 of its ATMs refused to ...
  26. [26]
    [PDF] The MINDS - Minnesota Intrusion Detection System
    Most of the top ranked connections shown belong to the SQL Slammer / Sapphire ... The University of Minnesota network security analyst has been using MINDS to.
  27. [27]
    Slammer | Malware Database Wikia - Fandom
    Continental Airlines resorted to pens and paper to record reservations and tickets. The airline had to delay and cancel some flights, though no delays ...Missing: Airways | Show results with:Airways
  28. [28]
    Counting the cost of Slammer - ZDNET
    Feb 3, 2003 · Technology market researcher Computer Economics estimates that the worm cost between $750m and $1bn to clean up, said Mark McManus, vice ...Missing: impact | Show results with:impact
  29. [29]
    MS SQL Worm Mitigation Recommendations - Cisco
    Jan 25, 2003 · Thus far the best mitigation is to block inbound and outbound traffic destined to the UDP port 1434. You must be careful to minimize the impact ...
  30. [30]
    Worm:W32/Slammer | F-Secure
    Worm:W32/Slammer was first detected on the Internet on 25th of January 2003 at 05:30 GMT. After that it was detected in most countries around the world. However ...
  31. [31]
    [PDF] CERT® Coordination Center 2003 Annual Report
    The CERT/CC published information about the worm and advice on protecting systems in IN-2003-03. • MS-SQL Server Worm/W32.Slammer. Intruders used a piece of ...Missing: alerts | Show results with:alerts
  32. [32]
    SQL Slammer Hits Web Hard - Redmond Channel Partner
    Jan 27, 2003 · ... Slammer worm doesn't affect SQL Server 7.0. The vulnerabilities also affect the Microsoft Desktop Engine 2000 (MSDE 2000), which is ...
  33. [33]
    Decoding the lessons of Slammer - CNET
    Mar 4, 2003 · A viral one-two punch--the Code Red and Nimda worms--convinced Microsoft in mid-2001 that security needed to become its top priority.
  34. [34]
    SQL Slammer Lessons - Adiscon
    Jan 27, 2003 · If you need a good argument to justify the cost to your management: count the traffic generated by the worm and calculate the expense of it.Missing: per | Show results with:per
  35. [35]
    [PDF] Lessons Learned during the Handling of the SQL Slammer Worm
    Aug 14, 2003 · There were many Microsoft SQL servers in operation that were not up-to-date with patches, and many administrators whose systems were infected ...
  36. [36]
    Analysis of the Sapphire Worm - A joint effort of CAIDA, ICSI, Silicon ...
    Aug 3, 2020 · The worm will craft packets of 376-bytes and send them to randomly chosen IP addresses on port 1434/udp. If the packet is sent to a vulnerable ...Missing: early detection
  37. [37]
    [PDF] Rep. Markey Ltr re Infection of Davis Besse Nuclear Plant by ...
    Nov 5, 2003 · The Slammer worm attacked the plant's Microsoft SQL 2000 server, and successfully infected it because plant computer engineers had failed to ...Missing: Monthan Air Base
  38. [38]
    Throwback Attack: The slammer worm hits Davis-Besse nuclear plant
    Apr 20, 2023 · According to Risi Data, this worm exploited a vulnerability in Microsoft's SQL Server 2000 and took advantage of the systems running on ...
  39. [39]
    SQL Slammer 16 years later: Four modern-day scenarios that could ...
    Jan 31, 2019 · It's been 16 years since the SQL Slammer worm struck on January 25, 2003. It was the fastest spreading computer worm in history, and surprisingly nothing has ...Missing: blackouts | Show results with:blackouts