What is SQL Slammer?
SQL Slammer is a worm that targets unpatched Microsoft SQL Server 2000 servers. As it spreads between servers, it generates heavy traffic on UDP port 1434, which can degrade network performance and lead to denial of service. SQL Slammer does not contain a destructive payload. Despite its name, it does not use the SQL language.
Home PCs are generally unaffected by this worm. Since it remains in system memory, it can be easily removed.
The 376-byte worm only affects SQL servers that are not running SP3, a Windows service pack that contains a patch for the buffer overflow bug the worm exploits. The worm's small code generates random IP addresses and sends itself to these addresses from the infected system.
The main symptom of a SQL Slammer infection is high outbound traffic to UDP port 1434. Because the worm fits in a single packet, it was able to spread quickly as infected computers fired off worm packets. This led to several denial-of-service attacks in 2002 and 2003. A patch released by Microsoft in 2002 and the increasing media coverage of this worm had greatly reduced the risk of infection by 2004.
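The symptom described above (one host sending 376-byte datagrams to UDP port 1434 at many different addresses) can be checked for in flow logs. The following is an added example, not part of the original page. The flow-record layout, the sample records, and the window and threshold values are all assumptions made for illustration.

```python
from collections import defaultdict

SLAMMER_PORT = 1434   # UDP port named on the page
WORM_SIZE = 376       # worm size in bytes, as stated on the page

# Constructed flow records (assumed layout):
# epoch_seconds src dst proto dport payload_bytes
SAMPLE_FLOWS = """\
1000 10.0.0.5 198.51.100.7 udp 1434 376
1000 10.0.0.5 203.0.113.9 udp 1434 376
1000 10.0.0.5 192.0.2.44 udp 1434 376
1001 10.0.0.5 198.51.100.200 udp 1434 376
1001 10.0.0.5 203.0.113.77 udp 1434 376
1001 10.0.0.8 10.0.0.20 udp 1434 1
1002 10.0.0.9 192.0.2.1 udp 53 40
1030 10.0.0.7 192.0.2.10 udp 1434 376
1100 10.0.0.7 192.0.2.11 udp 1434 376
"""

def parse_flows(text):
    """Yield (ts, src, dst, proto, dport, size); skip malformed lines."""
    for line in text.splitlines():
        p = line.split()
        if len(p) != 6:
            continue
        try:
            yield int(p[0]), p[1], p[2], p[3].lower(), int(p[4]), int(p[5])
        except ValueError:
            continue

def find_scanners(flows, window=10, min_dests=5):
    """Map each flagged source to its peak count of distinct UDP/1434
    destinations seen within any `window`-second span."""
    events = defaultdict(list)
    for ts, src, dst, proto, dport, size in flows:
        if proto == "udp" and dport == SLAMMER_PORT and size == WORM_SIZE:
            events[src].append((ts, dst))
    flagged = {}
    for src, evs in events.items():
        evs.sort()
        start = best = 0
        for end in range(len(evs)):
            # Slide the window start forward until it spans < `window` seconds.
            while evs[end][0] - evs[start][0] >= window:
                start += 1
            best = max(best, len({d for _, d in evs[start:end + 1]}))
        if best >= min_dests:
            flagged[src] = best
    return flagged

if __name__ == "__main__":
    print(find_scanners(parse_flows(SAMPLE_FLOWS)))
```

Hosts that send a few 376-byte datagrams to UDP port 1434 spread over a long period, or that talk to a single server on that port, stay below the threshold; only the fan-out pattern is flagged.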