Security Response

A look back at Code Red, Nimda, and Slammer

Created: 22 Aug 2007 07:00:00 GMT • Updated: 23 Jan 2014 18:46:54 GMT
Yazan Gable

Code Red, Nimda, and Slammer (also known as SQL Slammer) are three of the best-known computer worms in the relatively short history of computers. They are well known not because of their creatively selected names, but because of the massive impact they had on a widely used Internet. They weren’t the first worms to threaten the fabric of the Internet, but they hit at a time when the Internet was becoming very popular. It was beginning to be widely used not only by governments and educational institutions, but also by people, corporations, and non-profit organizations alike for communications and business.

Everyone who commonly used a computer when these malicious worms hit the Internet will remember them. Not only did they take down a number of government, corporate, and educational networks, but some of those not directly affected voluntarily shut down their networks as a precaution. But how were these things so effective and wide-ranging? How did they become the monsters that they were? The answer is pretty simple.

At the time, computer security was almost entirely an afterthought. Operating systems were developed with little thought to computer security. Security was left to third-party software, which would in turn be left to the consumer to purchase and then take the time to implement properly. This lack of consideration for security is somewhat hard to believe, as malicious software propagating through network vulnerabilities had been devastatingly demonstrated by the Morris worm years earlier. The result was a number of huge security holes in remotely accessible Microsoft services, which ultimately facilitated the success of the worms.

Now, thanks in part to these very same worms, security has become one of the most well developed aspects of computer life. As a consequence, major vendors have implemented numerous security features in their software and have built patch infrastructure to allow users to easily secure their software when it is found to be vulnerable. Simple things like firewalls are activated by default, giving users greater protection from remote vulnerabilities.

So, with all of this security infrastructure, are these types of threats dead? Has security awareness killed them? Not at all. People on both sides of the security divide continue to uncover more vulnerabilities and newer methods of circumventing security. However, mass-propagating worms may be waning in popularity due to an emerging focus of modern attackers: it seems that attackers are less interested in making a name for themselves and their malicious software and more interested in profits. As the motive changes, so does the method.