You might think the Slammer worm is old news. But the worm—or an ugly cousin—might be making its rounds again soon, thanks to Wired Magazine's publication of the original Slammer worm's full source code in its July issue.
The practice of publishing malicious programs' source code is hotly debated in the security community. Many people argue that full disclosure and publication of programs such as Slammer is valuable because it lets those in charge of security know what they're up against so they can better protect their systems. I tend to take the more conservative view that publishing this source code serves only to give troublemakers a chance to improve on the fastest-spreading Internet worm of all time. Some of these potential virus-writers might not have the skill to create a Slammer-like attacker from scratch, but they can certainly release a variant of the worm into the wild.
In response to the threat of someone creating a new and improved Slammer, Microsoft is renewing its efforts to protect all SQL Server customers from the worm. You can find Microsoft's response to the publication of Slammer's source code, as well as technical resources and automated tools that make it easy to find and patch Slammer-vulnerable systems on your network.
Don't assume that you're safe just because the worm didn't hit you last time or because you've patched your systems already. One reason Slammer spread so quickly the first time around was because so many instances of Microsoft SQL Server Desktop Engine (MSDE) were vulnerable to infection. End users or application-development teams can easily install MSDE instances on machines across your corporate network, perhaps as part of other product installations, without you knowing about them. So you can't assume you've covered all your bases just because you've patched all your "real" servers.
Microsoft has updated its Slammer resource site to make it easier than ever to find and root out these unprotected MSDE instances as well as vulnerable full SQL Server instances. If a born-again Slammer or kindred worm hits your company because you didn't take a few moments to run Microsoft's automated tools, you'll have no one to blame but yourself.