A 14-year-old computer worm has made a surprise comeback following a decade of almost no activity - and nobody knows why.
After it first appeared in January 2003, SQL Slammer carried out distributed denial of service (DDoS) attacks against tens of thousands of servers across the globe, using servers and routers to overload over 75,000 networks within 10 minutes of its emergence.
Exploiting a buffer overflow vulnerability in Microsoft SQL Server 2000 or MSDE 2000, the memory-resident worm sends a formatted request to UDP port 1434 to infect the server. Once this occurs, it rapidly spreads itself by sending its payload to random IP addresses, causing further DDoS attacks.
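One way to spot the spreading behaviour described above in flow logs, as an added example rather than code from the article or from Check Point: flag any source that sends UDP port 1434 traffic to many distinct addresses within a short window. The log format, the window, the threshold and every sample record are assumptions constructed for illustration.

```python
from collections import defaultdict

SLAMMER_UDP_PORT = 1434  # UDP port named in the article
WINDOW_SECONDS = 10      # assumed detection window
FANOUT_THRESHOLD = 5     # assumed minimum distinct destinations to flag

# Constructed flow records: "epoch_seconds proto src_ip dst_ip dst_port"
SAMPLE_FLOWS = """\
1000 UDP 198.51.100.7 10.0.0.11 1434
1000 UDP 198.51.100.7 10.0.3.200 1434
1001 UDP 198.51.100.7 10.0.7.45 1434
1001 UDP 192.0.2.10 10.0.0.20 1434
1002 UDP 198.51.100.7 10.0.9.9 1434
1002 UDP 198.51.100.7 10.0.12.77 1434
1003 UDP 198.51.100.7 10.0.15.3 1434
1005 TCP 198.51.100.9 10.0.0.20 1433
1010 UDP 203.0.113.5 10.0.1.1 1434
1022 UDP 203.0.113.5 10.0.1.2 1434
1034 UDP 203.0.113.5 10.0.1.3 1434
malformed record
""".splitlines()

def parse_flow(line):
    """Return (ts, src, dst) for a UDP/1434 record, else None."""
    parts = line.split()
    if len(parts) != 5 or parts[1].upper() != "UDP":
        return None
    try:
        ts, dport = int(parts[0]), int(parts[4])
    except ValueError:
        return None
    return (ts, parts[2], parts[3]) if dport == SLAMMER_UDP_PORT else None

def find_scanners(lines, window=WINDOW_SECONDS, threshold=FANOUT_THRESHOLD):
    """Map each flagged source to its peak distinct-destination count."""
    per_src = defaultdict(list)
    for rec in filter(None, map(parse_flow, lines)):
        per_src[rec[1]].append((rec[0], rec[2]))
    flagged = {}
    for src, events in per_src.items():
        events.sort()
        start = peak = 0
        for end, (ts, _) in enumerate(events):
            while ts - events[start][0] >= window:  # slide the window forward
                start += 1
            peak = max(peak, len({dst for _, dst in events[start:end + 1]}))
        if peak >= threshold:
            flagged[src] = peak
    return flagged
```

On the constructed records, only the source that fans out to six addresses in a few seconds is flagged; the host that queries a single server and the one that spaces its probes more than ten seconds apart are not.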
SQL Slammer surged between November 28 and December 4, 2016 and attacked targets in 172 countries across the globe. The US was by far the most common target of the worm, accounting for 26 percent of SQL Slammer attacks, followed by the UK and Israel on seven percent each.
The IP addresses responsible for initiating the largest number of attempted attacks were registered in China, Vietnam, Mexico, and Ukraine, although outside of that there's no indication of who revived the SQL Slammer attacks or why.
'Could be an aberration, could be the start of something - it's hard to speculate!' said a Check Point spokesperson.