Aliases: Worm.SQL.Slammer, W32/SQLSlammer.worm, W32/SQLSlam-A, Win32/SQLSlammer.worm, SQLSLAMMER.A,
Variants: Worm/SQL.Slammer.dmp, SQLSlammer.A, Win32:SQLSlammer, SQLSlammer, Win32.Worm.SQL.Slammer.A,

Classification: Malware
Category: Computer Worm

Status: Active & Spreading
Spreading: Moderate
Geographical info: Asia, North and South America, and some parts of Europe and Australia
Removal: Easy
Platform: W32
Discovered: 24 Jan 2003
Damage: Low

Characteristics: The W32.SQLExp.Worm application is classified as a worm that aims to infect systems using MS Desktop Engine 2000 and Microsoft SQL Server 2000 platforms.

More details about W32.SQLExp.Worm

When the W32.SQLExp.Worm program hits a vulnerable computer system, it sends itself to the Server Resolution Service of SQL, which listens on UDP port. The worm takes advantages of a buffer overflow vulnerability that enables a portion of computer memory to be overwritten. When the W32.SQLExp.Worm program does this, it opens in the similar security context as the server service of the SQL. The worm calls GetTickCount, API function, and utilizes the outcome as a necessity to randomly produce IP addresses. The Worm opens a socket on the contaminated computer and tries to repetitively send itself to UDP port on the IP addresses it has produced, by making use of an ephemeral source port. Since the worm doesn’t selectively hit the host in the subnet, huge amounts of traffic are the outcome.

The W32.SQLExp.Worm is a worm that aims the systems using Microsoft Desktop Engine (MSDE) 2000and Microsoft SQL Server 2000. The worm spreads 376 kilobytes to UDP port, the SQL port. The W32.SQLExp.Worm has the accidental payload of doing a Denial of Service hit due to the huge number of packets it spreads. Some antivirus software has given a tool to eliminate the infections of this worm. Try different kinds of antivirus, it is the simplest way to eliminate this threat. Because the W32.SQLExp.Worm lives in memory only and isn’t written to disk, the virus definitions don’t identify this threat. Customers are suggested to follow the safety measures to control w/ this threat.