SQL Slammer Makes a Comeback

A recent campaign utilising SQL Slammer Worm has been discovered, this malware had been dormant for over a decade.

Threat ID:: CC-1158
Category:: DOS, Worm
Threat Severity:: Low
Threat Vector:
Published:: 9 February 2017 12:00 AM

Report a cyber attack: call 0300 303 5222 or email [email protected]

This content has been archived

This article no longer conforms to NHS Digital's standards for cyber alerts, and may contain outdated or inaccurate information. Use of this information contained in this page is at your own risk

Summary

A recent campaign utilising SQL Slammer Worm has been discovered, this malware had been dormant for over a decade.

Threat details

SQL Slammer Worm was identified as attacking Microsoft SQL Server 2000 or Microsoft SQL Server Data Engine 2000, which haven’t been patched for 14 years. The Worm infects the server via UDP (User Datagram Protocol) port 1434 and attempts a DDoS attack of the server.

Remediation steps

Type	Step
	Ensure that the most recent patches have been applied to the SQL Servers, however the target severs are no longer supported by Microsoft therefore consider updating to a newer version. Monitor for suspicious activity on UDP port 1434.

Last edited: 17 February 2020 11:39 am