Code from a UK security expert has emerged as the driving force behind the SQL Slammer worm that ravaged servers over the weekend. David Litchfield, co-founder of NGS Software, originally wrote the code to demonstrate the buffer overrun vulnerability and used it as part of a presentation to the Black Hat Briefings in August 2002.
Exploiting an SQL buffer overrun requires control of the target processor's path of execution. Once this has been achieved, the malware writers can then build in whatever additional instructions they require.
"The Slammer code is a straight cut-and-paste job," said Litchfield. "My talk was intentionally made after the patch had been released and I worked with Microsoft to ensure that I didn't pass on the information until the fix had been available for some time."
News source: Vnunet.com