New Microsoft SQL Server Worm
Ian Bell writes: "A new unnamed worm has been released and, once again, Microsoft software is the target. More specifically, this new worm targets Microsoft SQL servers with no administrator passwords set. Once the server is infected, it logs onto Internet Relay Chat (IRC) servers and is ready to receive commands and act accordingly. Although this can be a fairly malicious worm, it is very unlikely to infect many servers due to the fact that the majority of Microsoft SQL servers have administrator passwords."
You obviously don't deal with custom vertical apps, or the real world in particular.
We have 5 SQL servers that are forced to run with no password, because our critical software that uses it is hard coded to not have a password for SQL server.
I had asked the vendor 5 times within the past 3 years to change this, and then asked upper management to ask the vendor.
What was I told? "It's not an important issue"
So now I get to be spanked this Monday when 10 SQL servers all start to try and connect to IRC through the firewall.
So in response to you, I am more competent than 60% of the MS admins in my state. But when you have your hands tied by management you can't do crap but grab a mop and clean up after management's messes all the time... (Examples? Outlook, trying to run 700,000 users on an MS email server cluster, and brain-dead morons wanting to have one super data center and pay for fat pipes to each office instead of having resources at each office. Hmmm, one disaster and this company is 100% screwed.)
Oh, and your "yardsticks" comment...
First, the manager of the IS department or even the CTO should be the one getting publicly fired, as they are usually the ones tying the hands of the admins and preventing them from doing their jobs.
If a shop gets hit with any exploit, fire the manager first and the techs last.
Do not look at laser with remaining good eye.