Another Microsoft SQL Worm On the loose

Discussion in 'Windows Desktop Systems' started by Kr0m, Jan 25, 2003.

  1. Kr0m

    Kr0m Moderator

    Messages:
    1,390
    Location:
    Turtle Island
    I found out about this when I noticed a LARGE number of probes to port 1434/33 to my PC lastnight. Why users or admins don't keep their Servers patched(especially these days) is mind boggling. They need to be slapped!

    Internet Security Systems

    Quoting their site:

    "Synopsis:

    ISS X-Force has learned of a worm that is spreading via Microsoft SQL servers. The worm is responsible for
    large amounts of Internet traffic as well as millions of UDP/IP probes at the time of this alert's publication.
    This worm attempts to exploit MS/SQL servers vulnerable to the SQL Server Resolution service buffer overflow
    (CVE CAN-2002-0649). Once a vulnerable computer is compromised, the worm will infect that target, randomly
    select a new target, and resend the exploit and propagation code to that host.

    Impact:

    Although the Slammer worm is not destructive to the infected host, it does generate a damaging level of
    network traffic when it scans for additional targets. A large amount of network traffic is created by the
    worm, which scans random IP addresses for vulnerable servers."
     
  2. Kr0m

    Kr0m Moderator

    Messages:
    1,390
    Location:
    Turtle Island
    Thanks to Pseudokiller to bringing this to my attention that this worm is causing havoc on the internet right now as stated from CNN...

    "Traffic on the many parts of the Internet slowed dramatically early Saturday, the apparent effects of a fast-spreading, virus-like infection overwhelming the world's digital pipelines and interfering with Web browsing and delivery of e-mail."


    CNN
     
  3. PseudoKiller

    PseudoKiller Zug Zug

    Messages:
    3,858
    Location:
    Ice Crown Citadel
    Seems an old exploit is being targeted. SQL server are the current target but the worm is probing everything on the net. As it stands all major and even minor isp's are being affected. UUnet is especially being hit. Their pipe is full and no one knows when it will stop.
    Its not going to be a good day on the net ...
     
  4. xsivforce

    xsivforce Prodigal Son Folding Team

    Messages:
    8,547
    Location:
    Texas, USA
    I am definitely feeling it. :mad:
     
  5. Grandmaster

    Grandmaster Electronica Addict Political User Folding Team

    Messages:
    10,574
    Location:
    Santa Clara, CA
    not good at all, I cannot even sign into windows messenger because of this..
     
  6. Jewelzz

    Jewelzz OSNN Godlike Veteran

    Messages:
    10,977
    Location:
    California
    Only a few sites I can't get to. Lost my cable connection for about 3 - 5 mins. Other then that nothing is different for me. All chat programs are working fine on this end.