The Slammer Worm was created from a proof-of-concept exploit code published during Black Hat by now the Google security researcher David Litchfield. The worm exploits a buffer overflow vulnerability in Microsoft SQL Server 2000 or MSDE 2000 by sending a formatted request to UDP port 1434. Researchers at Check Point researchers confirmed that the threat has risen in early December (between 28 November, 2016, and 4 December, 2016), it mostly targeted machines in the US. The largest volume of traffic originated from IP addresses in China, Vietnam, and Mexico.”]
Source: https://securityaffairs.co/wordpress/56028/malware/slammer-worm-2017.html