The recent Slammer worm could infect non-Microsoft products, including security tools, according to a security advisory site. This may put businesses at risk from further infections if they fail to patch all vulnerable software.
According to SQLSecurity.com, products from companies such as security tools provider Internet Security Systems (ISS) and storage firm Veritas use the vulnerable SQL Server database software. Veritas told its customers last week that its Backup Exec 9.0 for Windows and ExecView 3.1 servers could be open to infection by Slammer. ISS said its products were configured to minimise the risk.
IT managers need to assess their software products and ensure they apply any necessary patches. This may be especially important in light of a poll that shows the majority of computer users blame administrators for recent Slammer infections.
In a poll of more than 200 business PC users carried out by antivirus firm Sophos, almost two-thirds said that systems administrators should be blamed because they had failed to keep systems updated with the most recent patches. Twenty-four percent indicated that Microsoft was at fault because it had released flawed software.
Ben Claridge, technical manager at antivirus firm Panda Software, agreed that failure to apply patches contributed to the spread of the worm, which exploits a buffer overflow found in Microsoft SQL Server databases. "The main reason why SQL Slammer has infected so many servers with ease is due to the fact that network administrators typically do not upgrade their systems with enough frequency," he said.
Companies had plenty of warning about the availability of the fix, according to Adam Newby, IT manager at an online publisher. "The patch to SQL Server that prevents this from spreading has been available since last July," he said. "Even if network managers were worried about potential instability to their systems caused by installing the patch, they've had six months to test it."
Newby pointed out that in addition to applying fixes more quickly to protect systems, firms could also divide up their networks into segments and place firewalls between them. This would contain worms within one segment of a network if an infection occurs.
The Slammer worm has already caused more than $1bn of damage around the world, according to the Intelligence Unit at security solutions firm Mi2g. This is more than the damage caused by previous viruses such as Goner and Love Letter.
reader comments