Control System Infected with SQLslammer Worm

Event Year: 2003 Reliability: Likely But Unconfirmed
Country: Unknown
Industry Type: Petroleum
Description:

A corporate laptop user installed software, unaware that it included an unpatched version of msSQL. Sometime later the user connected PC to the Internet (in violation of company policy) to access email via an ISP. SQLslammer infected the internet connected machine. The user then brought the infected machine into the office and connected to the network, causing a small outbreak of the SQLslammer worm within the corporate network.

An unfirewalled data acquisition server, a control system and a development control system became infected with SQLslammer worm and had to be removed from the network to prevent further infection.

Impact:

There was no significant impact to production, but some history data was lost during server down-time. Data had to be manually created.

Action Description: The company has a significant programme to raise awareness of digital security issues and implement security improvements. The servers have been patched and a firewall is being recommended for installation.