But that's not all! Once you understand the purpose of the service that listens to this port, you know it had to be a planned event. Microsoft added a feature to SQL Server that lets you install several copies of the database server on the same machine and run them as if they were running on separate machines. Naturally, they can't all listen to the same port without getting their messages crossed. So Microsoft created a Resolution Service that listens on port 1434, sorts out the requests for the various copies of SQL Server and routes the requests as needed.

Now consider the fact that this vulnerability exists in many third-party products that use the Microsoft engine, not just in the Microsoft products listed above. The entire list comprises almost 200 applications, including such unlikely candidates as Timeslips (a time-billing program). Of all these products, ranging from financial software to fax software, how many do you suppose lend themselves to being installed several times on the same machine so that you can run multiple copies simultaneously? If this capability is only useful for a few of them, why else would Microsoft enable this feature by default? To maximize the attack's impact, of course.

Fans of Microsoft will also appreciate the fact that there are other vulnerabilities on this port that do not require one to exploit a buffer overflow. For example, you can use a carefully crafted "keep-alive" packet to make multiple database servers spin their wheels so hard they'll stop responding to any requests at all — a denial-of-service attack. This just goes to show how hard the programmers worked to provide crackers with as many avenues as possible.

A multi-pronged campaign

Themulti-pronged nature of this campaign is another way one can tell this is a deliberate effort to promote open source. Having spent so much time on Slammer, I'll limit the list to recent marketing ploys and keep the descriptions as short as possible.

In an effort to highlight the company's propensity for dirty tricks, Microsoft Network (MSN) deliberately sends a faulty style sheet to Opera browsers. There are a number of ways to show intent. Opera renders the default style sheet intended for Internet Explorer perfectly, so no custom style sheet is necessary. MSN also renders the page improperly on Opera even if you set Opera to identify itself as another browser, such as Internet Explorer or Mozilla. The programmers at Microsoft had to go out of their way to bypass the normal means of identifying a browser and determine whether users were accessing the site via Opera in order to make sure they get the bogus style sheet (see "MSN Breaks Opera" in Resources below).

The first few iterations of a Windows CE-based model of BMW were so buggy that the car automatically braked without using brake lights, the transmission slipped, the phone worked intermittently, displays and settings intermittently switched to metric units on their own, and the engine often stalled when the fuel tank dropped to 1/3 full. And sometimes the whole system would simply fail (see "The Windows CE-based iDrive" in Resources below).

Microsoft has been threatening elementary schools and government agencies with audits.