MS-SQL Worm

[Copied from CUbhis Web Site]
Starting at Friday midnight, Microsoft SQL Server Worm (W32.SQLExp.Worm or Slammer Worm) infected many hosts in the Internet and CU Health Sciences network, causing a severe network performance problem due to denial of service attack. Several hosts within CUHS network with unnpatched MS SQL Server software (the vulnerability was known and patches were available since June 2002) caused the network routers to saturate and become difficult to reconfigure. Columbia Morningside, NYP and Cornell Medical Center, were all affected.

Problems for the End-user: The network was degraded, at times inoperable for time-sensitive functions. Internet was not available from inside and vice-versa. The network for clinical functions with the hospital remained mostly operable with intermittent delays. The network and connectivity were fully operational around noon.

Reference: Techinical details and resolution tools and methods are available at:

CERT
Symantec
SlashDot

Click here for traffic charts representing the ammount of traffic destined for the Internet from infected hosts inside CPMC.