W32.SQLExp.Worm, DDOS.SQLP1434.A, SQL Slammer Worm, W32/SQLSlammer, Slammer, Sapphire, W32/SQLSlam-A, SQL Hell, SQL Hammer or whatever you want to call it … the virus that has devastated most of the Microsoft servers of the computer world.
On every front page was the misadventure that knocked all 14,000 Italian post offices out of action, leaving them grappling with traditional problems as well as with salary payments.
But if the devastation produced by the virus was enough to command the full attention of the generalist press as well, the references to the perpetrators of that devastation were not equally explicit: a "suite" of Microsoft products, to be precise Microsoft SQL Server 7.0, SQL Server 2000, Microsoft Data Engine 1.0 and Microsoft Desktop Engine 2000. These are the "names and surnames" of the guardians that let a mere 376 bytes of "malicious" code through on UDP port 1434 (SQL Server Resolution Service).
When asked about it, the Microsoft managers did not fail to shield themselves, letting it be known that problems like these can always happen and that the only solution is to keep one's software always up to date. Too bad, it should be noted, that the various antivirus products arise only as a need subsequent to the emergence of viruses programmed ad hoc by those who want to cause damage and that, in this specific case, the virus (or rather worm), albeit in a slightly different form, had been known since last summer. Even more unfortunate is the fact that the resulting remedies for its software were released by Microsoft only last October.
Going back to SQL Slammer: the worst infestation since Code Red and Nimda is reported to have overloaded 250,000 servers by forcing the sending of 8000 messages per hour.
The father of the worm is still unknown at the moment. Police forces in South Korea, Hong Kong and other countries are looking for its author. There is suspicion that it was created by the Honker Union of China, a group of oriental hackers.