Win32:SQLSlammer

is a worm which spreads via a buffer overflow exploit in Microsoft SQL Server 2000 or Microsoft Desktop Engine (MSDE) 2000. This security hole has been discovered in May 2002 and there is a patch for it for long time (since July 2002).

The worm generates the pseudo-random IP addresses and tries to infect the computers which use these IPs. The worm exists in the computer memory only and it does not modify any files on the infected computer - it is similar to Win32:CodeRed worm in this aspect. It can cause the very heavy traffic however during its attempts to spread further. The worm uses only UDP port 1434 (SQL Monitor Port) to spread itself to a new system, so to protect the network from worm's requests you should close this port on the firewall.

This worm uses a well known vulnerability that has had a patch available for many months. Microsoft has also released a recent service pack for SQL (Service Pack 3) that includes a fix for this vulnerability. All users of MS SQL Server or Microsoft Desktop Engine (MSDE) 2000 should use the patches available. For more information see the following pages:
http://www.microsoft.com/technet/treeview/default.asp?
url=/technet/security/bulletin/MS02-039.asp
SQL 2000 Service Pack 3:
http://www.microsoft.com/sql/downloads/2000/sp3.asp.