Saturday, June 7, 2003
Slammer autopsy. Paul Boutin's written a fascinating feature on the Slammer Worm for Wired magazine. Particularly cool is his human-readable analysis of Slammer's ingenious code.
Slammer masquerades as a single UDP packet, one that would normally be a harmless request to find a specific database service. The first byte in the string - 04 - tells SQL Server that the data following it is the name of the online database being sought. Microsoft's tech specs dictate that this name be at most 16 bytes long and end in a telltale 00. But in the Slammer packet, the bytes run on, craftily coded so there is no 00 among them. As a result, the SQL software pastes the whole thing into memory.
[Boing Boing Blog]
6:38:32 PM
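The check whose absence the excerpt describes, as an added example (not code from the Wired feature or from SQL Server): validate the datagram before copying anything out of it. The function, constant and sample names are hypothetical, the sample packets are constructed, and the 16-byte limit is assumed to exclude the terminating 00.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define REQ_NAME     0x04  /* leading byte: "the data following is a database name" */
#define NAME_MAX_LEN 16    /* "at most 16 bytes" (assumed to exclude the 00) */

enum req_status { REQ_OK, REQ_EMPTY, REQ_NOT_NAME_LOOKUP, REQ_UNTERMINATED, REQ_TOO_LONG };

/* Validate one received datagram. The name is copied into `out` only after
 * both the terminator and the length limit have been checked. */
enum req_status parse_name_request(const uint8_t *pkt, size_t len,
                                   char out[NAME_MAX_LEN + 1])
{
    if (pkt == NULL || len < 1)
        return REQ_EMPTY;
    if (pkt[0] != REQ_NAME)
        return REQ_NOT_NAME_LOOKUP;

    /* Look for the 00 only inside the bytes actually received, never past them. */
    const uint8_t *name = pkt + 1;
    const uint8_t *nul = memchr(name, 0x00, len - 1);
    if (nul == NULL)
        return REQ_UNTERMINATED;   /* the shape of the Slammer packet: no 00 at all */

    size_t n = (size_t)(nul - name);
    if (n > NAME_MAX_LEN)
        return REQ_TOO_LONG;       /* terminated, but longer than the limit */

    memcpy(out, name, n);          /* bounded: n <= NAME_MAX_LEN */
    out[n] = '\0';
    return REQ_OK;
}

int main(void)
{
    /* Constructed samples: a well-formed lookup and an unterminated run of bytes. */
    static const uint8_t sample_ok[] = { 0x04, 'S', 'A', 'L', 'E', 'S', 0x00 };
    uint8_t sample_bad[64];
    memset(sample_bad, 0x01, sizeof sample_bad);
    sample_bad[0] = REQ_NAME;

    char name[NAME_MAX_LEN + 1];
    printf("well-formed:  status %d\n", parse_name_request(sample_ok, sizeof sample_ok, name));
    printf("unterminated: status %d\n", parse_name_request(sample_bad, sizeof sample_bad, name));
    return 0;
}
```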
© Copyleft 2005 Alfredo Octavio.