SQL sequel - worm rears its head after a decade

SQL Slammer, a fast-moving worm that generated a wave of distributed denial of service (DDoS) attacks in 2003, surprisingly resumed high levels of activity in late 2016 after more than a decade of dormancy.


According to a company blog post Thursday, Check Point Software Technologies detected a "massive" surge in SQL Slammer attacks between Nov. 28 and Dec. 4, 2016. "What we've been seeing is not the actual worm, but its attempts to reach more servers," said Maya Horowitz, group manager, threat intelligence at Check Point, in an email interview with SC Media. "Therefore we cannot know for sure if any changes have been [made to] the worm or the vulnerabilities it exploits."


When it first surfaced in 2003, the worm managed to infect tens of thousands of servers and routers in a matter of minutes by exploiting a buffer overflow vulnerability (CVE-2002-0649) in Microsoft SQL Server 2000 or Microsoft SQL Server Data Engine 2000 – both of which are no longer supported.


These infected, exploited machines would then bombard random IP addresses with an enormous stream of malicious packets that would infect other vulnerable systems, while simultaneously overloading Internet-based network devices with traffic.
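As an added example (not from the article or from Check Point): in flow logs, the propagation attempts described above appear as one source sending to many distinct destinations in a short time. The sketch assumes the worm's known target, UDP port 1434 (the SQL Server 2000 Resolution Service), a hypothetical whitespace-separated flow format, and constructed sample records.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

SQL_RESOLUTION_PORT = 1434  # UDP port of the SQL Server 2000 Resolution Service

# Constructed sample flows in a hypothetical format: "time src dst proto dport"
SAMPLE = (
    # one host spraying eight different addresses within eight seconds
    [f"2016-12-01T10:00:0{i} 10.0.0.5 198.51.100.{i + 1} udp 1434" for i in range(8)]
    # a normal client repeatedly querying a single SQL server
    + [f"2016-12-01T10:00:0{i} 10.0.0.9 192.0.2.20 udp 1434" for i in range(3)]
    # high fan-out on another port (DNS), outside the scope of this check
    + [f"2016-12-01T10:00:0{i} 10.0.0.7 203.0.113.{i + 1} udp 53" for i in range(6)]
    # six different targets on 1434, but only one per minute
    + [f"2016-12-01T10:0{i}:00 10.0.0.8 203.0.113.{i + 1} udp 1434" for i in range(6)]
)

def fan_out(lines, window=timedelta(seconds=10), min_targets=5):
    """Return {src: peak distinct destinations on UDP/1434 inside any window}
    for every source whose peak reaches min_targets."""
    per_src = defaultdict(list)
    for line in lines:
        ts, src, dst, proto, dport = line.split()
        if proto == "udp" and int(dport) == SQL_RESOLUTION_PORT:
            per_src[src].append((datetime.fromisoformat(ts), dst))

    flagged = {}
    for src, events in per_src.items():
        events.sort()
        active, start, peak = Counter(), 0, 0
        for ts, dst in events:
            active[dst] += 1
            # slide the window: drop events older than `window` before ts
            while ts - events[start][0] > window:
                old = events[start][1]
                active[old] -= 1
                if not active[old]:
                    del active[old]
                start += 1
            peak = max(peak, len(active))
        if peak >= min_targets:
            flagged[src] = peak
    return flagged

if __name__ == "__main__":
    for src, peak in fan_out(SAMPLE).items():
        print(f"{src}: {peak} distinct UDP/1434 targets within 10s")
```

Widening the window also surfaces the slow source (10.0.0.8), at the cost of more noise from legitimate SQL Browser clients that talk to several servers.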


Microsoft patched this vulnerability in Jan. 2003 and over the years has issued multiple new versions of the affected products. This makes these latest attacks even stranger, because unless the worm has evolved in some way, it is hard to imagine that users remain susceptible to this threat.


"One theory to why it's attempting to make a comeback is that cybercriminals are seeking easy ways to cause DoS and slow down the entire Internet, just like with the recent Mirai botnet," said Horowitz.
