[KLUG Advocacy] SQL slammer virus/worm hits Microsoft itself!

Justin Buist advocacy@kalamazoolinux.org
Tue, 28 Jan 2003 21:42:20 -0500 

On Tue, Jan 28, 2003 at 10:55:52AM -0500, Adam Tauno Williams wrote:
> >THAT'S HILLARIOUS!!!!
> >I'm gonna show that to the Microsoftie IT department here.
> 
> It is funny, but I'm confused.
> 
> What I read said that this particular bug attacks M$-SQL.  Does someone actually
> run a relational database server exposed to the Internet?  Why?  And, I'm sorry,
>  recently patched or not, that's beggin' for it.

Yes, it's begging for it, but it only takes one MS-SQL server that's connected
to the net and expoesed to totally fubar a corporate infrastructure.  I saw
it all come down Monday actually.  It was amazing.

We run a pretty tight shop, and even my own desk doesn't have real 'net access,
but the worm still got in.  Our coroporate network spans Grand Rapids,
Farmington Hills, Detroit, Offenbach <sp?> Germany, Neurenburn <sp> Germany,
Milan Italy, and a couple more locations in .de plus one or two in Australia.

I shall not name the company either... :)

Somewhere, somehow, the worm got it in, and NAILED our LAN.  The south office
in Grand Rapids couldn't even talk to the North Grand Rapids office for hours
on Monday.  The admins were on top of it, and nailed the problem and took
things offline that were causing problems, then nailed down the routers
between buildings, but it still cost us huge amounts of money I'd gather.  

The funny thing is -- we're not a Microsoft shop by any step of the
imagination.  There are -very- few SQL servers around, but they're all internal.
I'd wager a contractor came in somewhere into one of the offices over the
weekend with an infected laptop and spread the worm to be honest.  It got it,
then -BOOM-, game over.  The network's flooded and productivity dropped like
a stone in water.  Truely amazing.

Given what I know about our network and the very few SQL servers we have I 
was almost sure we'd be untouched by the worm, but infact the very
opposite was true.  Horrific really, from an IT standpoint.  

On a related note, I just got an email from a colleague asking if he could
put a program of sorts on his LinkSys router to figure out why the heck his
WAN light was blinking like crazy the past few days.  I gather he hadn't
heard about the worm yet. :)

Justin Buist