Reader's advisory: Wired News has been unable to confirm some sources for a number of stories written by this author. If you have any information about sources cited in this article, please send an e-mail to sourceinfo[AT]wired.com.
The global worming attack that fried much of the Internet over the weekend appears to have cooled down.
Security experts feared the Slammer worm would return with a vengeance Monday as unpatched systems and applications booted up at the start of the workweek.
But although the Internet hasn't quite returned to normal, as of Monday morning the worm doesn't appear to have provoked any new problems.
Slammer's voracious spread also sparked a firestorm of FUD (fear, uncertainty and doubt) on security mailing lists over the weekend.
In the heat of the moment, some posted messages indicating that Slammer would be the worst worm attack ever; others said they feared Slammer had been released by cyberterrorists; and a few believed Slammer had been authored by the U.S. government in order to test the possible ramifications of an electronic enemy attack.
One BugTraq poster suggested that the patch Microsoft released to close this hole may not be totally effective in all cases.
"Meanwhile, every conceivable Internet performance issue is being blamed on the worm, and FUDmongers are yelping about how this proves that an enemy government could bring down the Internet in time of war," said Robert Ferrell, a security expert. "Interestingly, this exchange is taking place entirely on Internet mailing lists, whose performance doesn't seem to be affected noticeably."
The Slammer saga continued Monday with reports of a few websites still down and a very quiet day for those workers whose networks have been yanked offline for repairs.
Slammer can attack a multitude of Microsoft programs as well as applications distributed by other companies, including administration, help desk, corporate antivirus and assorted security applications.
Home computers are unlikely to be vulnerable to the worm.
Several security companies have created free scanners to help network administrators locate vulnerable or infected systems.
Slammer, also known as Sapphire, began to spread shortly after midnight ET on Saturday and quickly slapped many computer systems around the world offline.
Slammer targets Microsoft's SQL Server 2000 as well as applications created with the Microsoft SQL Server 2000 Desktop Engine (MSDE 2000). Any application using this codebase is open to the exploit unless it is patched.
Microsoft gives MSDE 2000 away for free so developers can build it into their applications, said network security consultant Mike Sweeney.
"Programmers rarely understand the ramifications of using something like the MSDE 2000 package in the network from a support/security perspective," said Sweeney. "They use it because it's free and it saves them the drudgery of coding it themselves."
"But if the IT department is not aware of MSDE 2000 code in applications, they won't know to patch the desktops, which leaves them vulnerable to a possible attack," added Sweeney.
Microsoft released a patch for Slammer in July 2002, but security experts said a successful installation required users to manually edit system files, a complication that resulted in some patches being installed incorrectly, if they were installed at all.
A service pack that included a fix for the vulnerability that Slammer exploits was released on Jan. 17.
Some who attempted to patch their systems after hearing about the worm were unable to download the fix from Microsoft because of a sudden spike in download demand and the worm's own network-clogging traffic.