Seven years ago I was in the mountains of Colorado, taking advantage of the a school break to get away for a long weekend. There wasn’t good cell phone coverage up there, and I was surprised as we drove back Sunday evening with a voice mail indicator on my phone. I dialed in and found a message from work to call ASAP. SQL Slammer had struck.
I wasn’t expecting to get back to work so soon, but as soon as I got kids out of the car and into bed, I headed into work to deal with the issues. A crisis team was assembled, with the other production DBA already having spent much of Sunday at work. We worked late into the night, patching servers and trying to eradicate the worm.
However we had literally thousands of infected MSDE instances that had been installed with custom paths and the patch Microsoft had released would not fix them. We had an engineer fly out from Seattle and help work through the issues, finding workarounds and understanding our environment. A combination of creativity and scripting allowed us to finally develop a solution late Monday night that we deployed into the wee hours of Tuesday morning.
That was seven years ago and it was a memorable time for me. I had thought that the Slammer worm was dead, but apparently that’s not the case. Traces are still detected at times and this month the SANS Institute is trying to work with ISPs and companies to eradicate the worm once and for all. They are asking system administrators to spread the word and help them try and remove SQL Slammer as a threat. They are not confident that they’ll succeed, but I think it’s worth a try.
I’m sure many of you encountered the Slammer worm if you were working with SQL Server at that time. Any great memories? Any stories to share? Let us know in the discussion below and if you can help eradicate the worm, make sure you pass the word to the administrators of SQL Server 2000 instances.