Tiny but deadly

sapphire virus map The Cooperative Association for Internet Data Analysis (CAIDA) has completed a study of the recent Sapphire virus, with some fascinating results (and noted missteps by the programmer).

As opposed to previous viruses, which depended on responses from randomly chosen potential hosts, Sapphire sent UDP packets that required no such return. In other words, Nimbda and Code Red were bounded by network latency, and Sapphire simply by bandwidth. Using this strategy, the virus was able to double its infected population every 8 seconds, while Code Red checked in at a snail-like 37 minutes. Most of the vulnerable machines were affected within 10 minutes.

CAIDA: The Spread of the Sapphire/Slammer Worm

Leave a Reply