The SQL slammer worm: How two organizations survived the attack

The Oakland Raiders offense wasn't the only thing that got slammed on Superbowl weekend. Fans who needed twenties to cover their office pool bets got shut out of their accounts as the "SQL Slammer" worm shut down most of Bank of America's 13,000 ATMs the day before the big game. When the dust settled, this attack once again demonstrated the precarious nature of organizational security measures.

While antivirus protection and firewalls are an essential part of any organization's resources, they are essentially reactive. Software vendors are quick to release patches or new antivirus definitions as soon as one hits, but they can't necessarily predict what attack someone will come up with next. By the time they discover the problem, work out a fix, and get customers to install it, the damage is done. SQL Slammer was no exception. It took only three minutes to reach a rate of conducting 55 million scans per second as it sought to locate and spread to vulnerable computers. After that, its growth slowed only because it tied up so much bandwidth that it couldn't continue to expand.