Slammer (F-Secure)   W32/SQLSlammer (McAfee Security)   W32/SQLSlam-A (Sophos)   W32.SQLExp.Worm (Symantec)   Win32.SQLSlammer (Computer Assoc.)   WORM_SQLP1434.A (Trend Micro)   Worm.SQL.Slammer (Kaspersky Lab)  Security advisories:   Computer Associates   F-Secure   Kaspersky Lab   McAfee Security   Sophos   Symantec   Trend Micro   Microsoft Security Bulletin MS02-039 MS02-039: Buffer Overruns in SQL Server 2000 Resolution Service Might Enable Code Execution

Over three days after the SQL Slammer worm, also known as Sapphire, prostrated both major Internet backbones and small corporate networks, security software vendors and monitoring companies are reporting that the outbreak, although leveling off, still poses a great danger to vulnerable computer systems.

On Monday, Symantec, a California-based security software maker, upgraded the worm threat to category 3, despite projections that the worst has passed. SQL Slammer marked the largest Internet slowdown of global impact since the Code Red infection spree in July 2001.

System administrators of servers running Microsoft's SQL Server 2000 or Desktop Engine (MSDE) 2000 software are highly recommended to apply the July 24, 2002 patch from Microsoft, if they have not already done so. The Sapphire worm aggressively scours the Internet for vulnerable systems, propagating thousands of copies that flood small and big networks around the globe.

As of now, the known version of SQL Slammer does not carry destructive payload, and is simply aiming to duplicate itself over the Internet. In addition, the worm does not infect, or modify in any way, files stored in affected systems. Due to the relatively swift response to the threat, no major Denial of Service (DoS) situations are being expected as a result of Sapphire's continuing distribution. However, the worm unraveled a trend of ignoring important security updates offered by software companies. Slammer's effects were felt in Asia, Europe, and the Americas, in Internet Service Providers (ISPs), airlines, banking institutions, telecommunication services, and even in Microsoft's own network, whose administrators discovered gaping holes in the software giant's patch management practices.

Svetlozar Online advises administrators seeking a temporary solution to block access from untrustworthy sources on port 1434, but for highest security installation of the six-month-old update by Microsoft must be performed.