January 25th, 2003 marked the emergence of the Slammer (aka Sapphire) worm, which as of this writing is the fastest-spreading
worm in history. The worm was small, elegant and, interestingly, carried no payload. It was simply designed to
spread. Upon infection, the worm would essentially recreate itself in memory, resolve some function pointers and enter an infinite
scanning loop driven by a rudimentary pseudo-random number generation "engine".
Many research teams have dedicated time and resources to studying Slammer and its spread. CAIDA, UC Berkeley EECS et al. put together
an interesting report titled "The Spread of the Sapphire/Slammer Worm".
Adding to the already available wealth of knowledge, I am releasing my heavily commented disassembly as well as my C-code implementation
of the worm's pseudo-random number generator.
Disassembly | PRND Engine