Early Saturday morning University of Maine System servers were attacked by a rapidly spreading computer worm known as “Sapphire” or “SQL Slammer” which slowed or halted Internet traffic all over the world.
The worm, which crashed almost all Internet services in South Korea according to Reuters, targeted a vulnerability in Microsoft SQL Server 2000. This is a popular database software used by some of the backbones of the Internet such as UUNet out of Texas, which was hit particularly hard by the attack. The worm propagates itself so quickly that it floods the networks and slows or potentially shuts them down.
Ron “Whoppo” Brown, system administrator for the USM Computer Users Group, said a patch released by the Microsoft Corporation last July could have protected servers worldwide from the worm. Brown is also Firewall Administrator at Maine Medical Center in Portland and is in charge of the hospital’s security and Internet connectivity.
“People didn’t know to keep the patch up-to-date,” he said. “This leads to vulnerability.”
The Symantic Corporation, an anti-virus software vendor, reported that over 22,000 systems worldwide were affected by Sapphire.
Brown said that UMS is very good at disconnecting machines that behave suspiciously; however, “It is a very daunting task.”
Brown explained that this particular worm tried to infect as many machines as possible, scanning entire networks for more machines to infect. The origin of UMS’s infection would be very difficult to ascertain.
“It could be anyone. It could be a student using SQL for a class, or a server someplace.”
The potential for other such attacks relates to administration, Brown said.
“We should take this as a learning experience to avoid reoccurrence,” he said. Brown suggested that people check for patches weekly to keep their computers’ operating systems up-to-date to avoid vulnerability.
Elise Adams can be contacted at [email protected]