Global
SQL "Slammer" Worm Newsbrief
LURHQ Discovers SQL Server Worm
CHICAGO, IL, January 25, 2003 - At approximately midnight on January 24, 2003 LURHQ's Secure Operations Center detected increased scanning for UDP Port 1434 across its client base. LURHQ's Intrusion Analysts have determined that this unusual traffic is caused by the propagation of a new Internet Worm known as W32.SQLExp or SQL Slammer. The SQL Slammer Worm exploits vulnerabilities in Microsoft's SQL Server to infect the host. The Worm then propagates from the host, causing a large amount of network traffic. The resulting traffic creates a denial-of-service scenario, which has impacted the availability of the Internet at-large. Initially, this Worm was undetectable by most Intrusion Detection Systems (IDS) and Anti-Virus (AV) solutions.
Resolution
LURHQ's Intrusion Analysts maintain a constant vigilance over client networks. This vigilance enabled them to detect and respond immediately to the Worm, which at the time was undetectable by most IDS and AV solutions. The result of this real-time monitoring, detection and response has been a 0% infection rate among LURHQ's clients. LURHQ's Intrusion Analysts continue to work hand-in-hand with clients to respond to this incident in order to minimize the impact to their critical business systems. Additionally, LURHQ's expert Analysts created a new signature for the IDS sensors under their management to detect the Worm, providing the visibility necessary to track the threat.
About LURHQ
LURHQ is a trusted provider of Managed Security Services, specializing in Intrusion Prevention and Protection. Founded in 1996, LURHQ has built a strong business protecting the critical information assets of its clients by offering Managed Enterprise Security Monitoring, Managed Intrusion Detection and Managed Firewall services. LURHQ is the only Managed Security Service Provider that offers real-time accountability to clients through its Open Service Delivery. Open Service Delivery is made possible by LURHQ's clearly defined incident identification and response process and real-time information Portal. The result is a "glass house" that provides clients with a seamless, enterprise-wide view of the security events and the actions taken against them by LURHQ's Intrusion Analysts in real-time via the Sherlock Enterprise Security Portal. The LURHQ-developed Sherlock Enterprise Security Monitoring Platform provides the foundation to LURHQ comprehensive enterprise-wide security monitoring services. This vendor neutral technology aggregates and correlates security events from any component of the IT infrastructure, including security devices, network infrastructure, servers, databases and applications in real-time. This unique combination of People, Processes and Technology allows LURHQ to deliver the highest level of security expertise and client service to over 400 leading organizations.