/ciol/media/agency_attachments/c0E28gS06GM3VmrXNw5G.png)
Follow UsSEATTLE: It only took 10 minutes for the SQL slammer worm to race across the globe and wreak havoc on the Internet two weeks ago, making it the fastest-spreading computer infection ever seen, researchers said.
The worm, which nearly cut off web access in South Korea and shut down some U.S. bank teller machines, doubled the number of computers it infected every 8.5 seconds in the first minute of its appearance, said a computer security research group led by the Cooperative Association for Internet Data Analysis.
By comparison, the Code Red worm -- which came 18 months earlier -- only doubled every 37 minutes.
"We were pretty surprised by how quickly it spread," said David Moore, a senior technical manager at CAIDA. "This is the fastest we've ever seen something spread like this." The worm, which exploited a flaw in Microsoft Corp.'s SQL server database software, caused damage by rapidly replicating itself and clogging the pipelines of the global data network.
The tiny malicious program, which was also known as Sapphire, did not erase data or cause damage to desktop computers, but was designed to replicate itself so fast and so effectively that no other traffic could get through networks. "The Sapphire worm's scanning technique was so aggressive that it quickly interfered with its own growth," CAIDA said in a report.
The US and South Korea were hardest hit by SQL slammer, CAIDA said, making up 43 percent and 12 percent of the victimized computers.
"Though very simple, Sapphire represents a significant milestone in the evolution of computer worms. Although it did not contain a destructive payload, Sapphire spread worldwide in roughly 10 minutes causing significant disruption of financial, transportation, and government institutions," the CAIDA report said.
"It clearly demonstrates that fast worms are not just a theoretical threat, but a reality -- one that should be considered a standard tool in the arsenal of an attacker."
© Reuters