Joho the Blog » The Beauty of the Worm
Everyday Chaos
Too Big to Know
Too Big to Know
Cluetrain 10th Anniversary edition
Cluetrain 10th Anniversary
Everything Is Miscellaneous
Everything Is Miscellaneous
Small Pieces cover
Small Pieces Loosely Joined
Cluetrain cover
Cluetrain Manifesto
My face
Speaker info
Who am I? (Blog Disclosure Form) Copy this link as RSS address Atom Feed

The Beauty of the Worm

A posting from Peter Kaminski to a mailing list (with permission):

It’s a thing of terrorbeauty, this Slammer/Sapphire/W32.SQLExp.Worm. Weighing in at 376 bytes of assembly language code, it is shorter than some email signature blocks. Shorter than the next paragraph.

It fits entirely within one UDP packet. The packet goes into a Microsoft SQL Server box, and boom, the machine turns into a zombie, spewing the same packet back out at random IP addresses, over and over and over and over, running in a tight 23-instruction loop, cycling fast enough to fill the network it’s connected to with the tiny replicates of itself directed anywhere and everywhere on the net.

Here are some more links:
cstone’s annotated disassembly
archived version of the Matrix graph
the slashdot thread
NGSSoftware advisory on the Microsoft SQL Server exploit, 2002-07-25

Previous: « || Next: »

4 Responses to “The Beauty of the Worm”

  1. What mailing list?

  2. A private mailing list. But Pete blogged this entry at

  3. Thanks!

Leave a Reply

Comments (RSS).  RSS icon