Slammer Worm Code Publication Could Inspire More Virus Activity

Sophos is concerned by reports in the US media that popular technology magazine Wired is set to publish the source code for the Slammer internet worm in its next edition, due out on Tuesday 10th June 2003.

The Slammer worm caused some parts of the internet to experience a severe slowdown in January of this year, after it infected vulnerable Microsoft web servers. Sophos warns that, by printing the details of malicious code used by Slammer’s author, Wired could be providing vital code-writing clues to potential virus writers.

“There is a real danger that those with malicious intent will take this code and use it to create new internet worms,” said Graham Cluley, senior technology consultant for Sophos Anti-Virus. “Even though Wired claims its intention is to highlight the problems of viruses, in a week where we’ve seen two of the year’s hardest hitting worms – Sobig-C and Bugbear-B – we feel that any hints on how to write a worm will only serve to fuel the problem of virus writing.”

“Of course, malicious viral code is freely available on the darker corners of the net, but that does not mean it is helpful to publish such things in a highstreet magazine,” continued Cluley. “Users need education about virus threats and how to protect themselves, not a cookbook about how to create them.”