Communications of the Association for Information Systems


On January 25, 2003, the Slammer worm (also known as Sapphire) exploded on the Internet. Within ten minutes, it had taken over 90% of all unpatched computers running SQL Server or MSDE on the Internet. This article looks at several aspects of the Slammer infestation, including how it spread, the damage it caused, the crisis in vulnerability patching that it underscored, and the implications of the fact that Slammer probably was the first of a new class of worms predicted by Staniford, Paxson, and Weaver [2002]. These worms, which we will call blitz worms, can spread faster than human intervention can prevent, and radically new approaches will be needed to stop them.