Slammer Effect Could Last For Another Week

New Delhi: | Updated: Jan 28 2003, 05:30am hrs
The impact of the new worm on the prowl called Slammer could last for another week in India, according to anti-virus security solution provider Securescrypt.

The worm attacks systems that use Microsoft SQL Server 2000, allowing affected SQL Servers to send the malicious packet to other SQL servers and thereby causing a slowdown, or even failure, in the affected network.

Internet service provider (ISP) Net4India has been impacted by the worm, which is similar to Code Red.

According to this ISP CEO Jasjit Sahwney almost 8 of its big customers using Microsoft server were impacted.

This is basically because these users did not use a patch for this worm, Mr Sahwney said.

According to industry sources, the worm is likely to hit business-to-business (B2B) transactions, messaging services and IT-enabled services (ITES).

This is a worm discovered in July 2002 and we had sent out service packages with patches as well as communicated to customers about the worm. Some people might not have deployed the patches and hence they are most likely to be hit. In India, we have been sending CDs to users with an updation on this worm, a Microsoft spokesperson told eFE.

When contacted companies like Hughes Software Services, Cisco India, Baan India, Nucleus India denied any impact of the worm on their operations.

Even assocations like Manufacturers Assocation of Information Technology (MAIT) and National Association of Software Services Companies (Nasscom) did not report any impact on their member companies.

Indian companies have been hit in terms of their network being clogged by the spread of this virus. ISPs reported a sudden surge in traffic that jammed their networks as a result of which legitimate users were not able to access online services, Trend Micro technical consultant Shams Islam said.

This worm is similar to the Code Red worm, which attacked unpatched Microsoft IIS servers in 2001 and defaced Web pages with the message Hacked by Chinese.

Computer Associates eSecurity Buisness national manager Vaidyanathan Iyer said, The worm does not infect files and does not send any e-mail out. It exists only in the memory of the successfully exploited system. Therefore, there is no file based anti-virus signature available to detect this worm.

The solution for this: companies should deploy updated patches on a regular basis.