Saturday’s Slammer worm was based on sample code published to help explain the threat posed by the security vulnerability that Slammer exploited, according to David Litchfield, the security expert who discovered the vulnerability. The stunning success of the worm in spreading itself across the Internet had Litchfield questioning whether he will publish proof-of-concept (or “exploit”) code in the future. Litchfield expressed his opinion that the Slammer worm was based on his proof-of-concept code in an e-mail message to the widely read bugtraq mailing list at SecurityFocus. “On analysis of the code of the Slammer worm it is apparent that my code was used as its template,” Litchfield wrote. Full Story