System administrators blame each other for spread of Slammer internet worm, Sophos poll reveals

January 27, 2003 Sophos Press Release

A web poll of more than 200 business PC users, conducted by Sophos Anti-Virus, has revealed that most blame their fellow system administrators for the spread of the SQL Slammer internet worm in the last few days. The Slammer worm (also known as W32/SQLSlam-A) slowed down large sections of the internet at the weekend, reportedly causing ATM machines in America to stop working and knocking large sections of the South Korean population off the web.

64% of poll participants felt that system administrators who failed to keep their systems updated with the latest security patches had been most at fault for allowing the Slammer worm to spread. 24% blamed Microsoft for shipping buggy software, even though Microsoft warned system administrators of the security hole back in July 2002.

The poll also revealed that many system administrators have not put in place a formal way of dealing with new security vulnerabilities as they are discovered, with 12% relying on mainstream news reports to tell them about potential problems.

Only 43% of respondents said they had signed up for Microsoft's security vulnerability mailing list - the method Sophos recommends to companies who wish to keep informed of new vulnerabilities as soon as they are discovered.

"The Slammer worm slowed parts of the internet to tortoise pace this weekend," said Graham Cluley, senior technology consultant, Sophos Anti-Virus. "However, it was largely preventable. Had administrators applied the patch when Microsoft released it, the worm would have had significantly less chance to spread. Companies should put formal systems in place now to patch against future vulnerabilities, and system administrators should be given the resources to manage these procedures."

Interestingly, over 50% of those surveyed indicated that they noticed an internet slow down when Slammer was at its height at the weekend.

Comments from survey participants indicated that many system administrators felt their management had not given them enough resources to roll-out patches effectively, or had concerns over the stability of updates from Microsoft in case they caused further problems.