SQL Slammer facts for kids
SQL Slammer was a computer worm that appeared in 2003. It caused big problems for the Internet by slowing down traffic and making many routers crash around the world. This worm spread super fast, infecting about 75,000 computers in just 10 minutes!
The SQL Slammer worm took advantage of a special mistake, called a buffer overflow bug, in Microsoft's SQL Server and Desktop Engine database programs. Microsoft had released a fix, called a "patch," for this bug six months earlier. But many places hadn't installed the fix yet, which allowed the worm to spread. The areas most affected by the worm were Europe, North America, and Asia, including countries like India.
Contents
How the SQL Slammer Worm Worked
The SQL Slammer worm was based on an idea shown by a security expert named David Litchfield. He was the one who first found the bug that the worm used. This worm was a very small piece of code. All it did was create random IP addresses and send copies of itself to those addresses.
If a computer at one of those addresses was running an older, unfixed version of Microsoft SQL Server, it would get infected right away. Once infected, that computer would start sending out even more copies of the worm across the Internet.
Why Home Computers Were Safe
Most home PCs were usually safe from this worm. They would only get infected if they had a special program called MSDE installed. The worm was so tiny that it didn't even save itself onto the computer's hard drive. It only stayed in the computer's memory. This made it easy to remove, often just by restarting the SQL Server program. However, the computer might get infected again quickly if the bug wasn't fixed.
How the Worm Slowed Down the Internet
The SQL Slammer worm started causing big problems on January 25, 2003. It slowed down computer systems all over the world. This slowdown happened because many routers couldn't handle the huge amount of traffic from infected servers.
Normally, if there's too much traffic, routers are supposed to slow it down or pause it. But with SQL Slammer, some routers crashed completely. When a router crashed, other nearby routers would notice it was gone. They would then send messages to other routers to update their "routing tables," which are like maps of the Internet.
This flood of update messages made even more routers crash. Soon, a large part of the Internet's capacity was used up by routers talking to each other. This meant that regular Internet traffic, like websites and emails, slowed down a lot or even stopped. Because the SQL Slammer worm was so small, it could sometimes get through even when normal traffic couldn't.
Why It Spread So Fast
Two main things helped SQL Slammer spread incredibly quickly. First, the worm infected new computers using a fast method called UDP. This method doesn't need to set up a long connection, so it's very quick.
Second, the entire worm was only 376 bytes big. That's tiny! It could fit into a single data packet. This meant that each infected computer could just "fire and forget" packets as fast as possible, sending out many copies of the worm without waiting for replies.
See also
In Spanish: SQL Slammer para niños