Berkeley’s computer science department has provided yet another breakdown of last week’s SQL Server worm, this one more epidemiological than technical. One of the most impressive parts of the report is a Wargames-like graphic that shows the reach of the worm in its first 30 minutes of life; there are also good graphs showing both the packet traffic generated by the worm and the rapid decline in its traffic as system and network administrators responded. (Something that particularly interests me is that the traffic analysis was done in a “tarpit” network — a network that’s used only to collect data on incoming, unrequested packets like those used in virus or worm attacks — at the University of Wisconsin Advanced Internet Lab.) One of the big lessons to take from the data is that, with a rate of spread that quick and a penetration into networks that deep, a more malevolent worm could cause a hell of a lot of damage.

Comments

Yes, you are right, this worm is ugly!!
An friend told me, that he has a lot of work to do, to repair all the SQL-Databases of his customers. He think, he will have to work hardly, until mid of february. No fun!!

Matthias

• Posted by: Matthias on Feb 3, 2003, 6:58 PM
Please note that comments automatically close after 60 days; the comment spammers love to use the older, rarely-viewed pages to work their magic. If comments are closed and you want to let me know something, feel free to use the contact page!