Businesses dig out from Slammer

Two days after the new, fast spreading W32.Slammer worm wreaked havoc on the Internet, organizations in the U.S. that were affected say that good technology and prompt reaction to the emerging attack prevented more widespread disruption.

Stories abound of network slowdowns in the hours following the first appearance of the worm early Saturday morning.

Beth Israel Deaconess Medical Center (BIDMC) in Boston experienced slowdowns for approximately six hours as a result of Slammer, according to John Halamka, MD, Chief Information Officer of the CareGroup Health System.

Blocking ports 1433 and 1434 on affected machines eventually brought Slammer under control, Halamka said.

Physician Craig Gordon arrived at 7:30 Saturday morning to find many of the computer systems that the hospital uses to track clinical data and enter patient orders were not working and that access to the Internet was gone.

Gordon and the rest of the staff at BIDMC fell back on lessons learned from previous virus outbreaks and computer outages, using teamwork and an older paper-based system to manage their patients until the clinical systems came back online a couple hours later.

"People just figured out what was up, what was down and what we could do to make the day go on. It was actually pretty extraordinary.  Everybody did their job and helped each other out. It was really about as normal as it could be," Gordon said.

At Northeastern University in Boston , IT staff was notified of the mounting attack by monitoring systems and were on hand at just after midnight Saturday to address infection on some of the University's 13 Microsoft SQL Server hosts, according to Leo Hill, director of technology research and integration at Northeastern.

The IT staff worked to locate the source of the problem and stem the flow of traffic produced by Slammer. By 7:30 in the morning, Northeastern's staff had Slammer under control, with little or no disruption to students, employees or faculty, according to Hill.

The cleanup at Northeastern was hastened by the fact that most of the institution's SQL servers had Microsoft's SQL Server Service Pack 2 or Service Pack 3 already installed. Those service packs patched the software vulnerability that was exploited by Slammer, according to Hill.

IT staff at the place where former Northeastern student Shawn Fanning wrote the original Napster application were also armed with a variety of firewalls and traffic shapers that helped spot and thwart the Slammer outbreak, according to Hill.