SQL Slammer

lore

securitynetworking

The 376-byte worm that fit in a single UDP packet and infected most of its 75,000 victims within ten minutes on January 25, 2003.

Slammer lived only in memory and network packets, never touching disk: one hand-optimized 376-byte payload fired at UDP port 1434, doubling its footprint roughly every 8.5 seconds at the peak. Bank ATMs failed, much of South Korea lost connectivity, and routers collapsed under the scanning load, all from a hole Microsoft had patched six months earlier. It remains the canonical proof that patch latency, not attacker brilliance, is what burns the Internet down.

Also known as: Sapphire worm

All glossary entries