Slashdot Mirror


New Microsoft SQL Server Worm

Ian Bell writes: "A new unnamed worm has been released and, once again, Microsoft software is the target. More specifically, this new worm targets Microsoft SQL servers with no administrator passwords set. Once the server is infected, it logs onto Internet Relay Chat (IRC) servers and is ready to receive commands and act accordingly. Although this can be a fairly malicious worm, it is very unlikely to infect many servers due to the fact that the majority of Microsoft SQL servers have administrator passwords."
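The summary above describes the worm's one reliable network-side signal: an infected database server opening outbound IRC sessions. The following is an added example (my own code, not from the submission or the comments) showing how to run that check over firewall logs; it also flags accepted inbound connections to the SQL Server port from non-internal addresses, which is the "database exposed to the web" condition the comments below argue about. The iptables-style log format, the sample lines, the database host list, the IRC port set and the internal network range are all constructed assumptions for this example; adapt `parse_line()` and the constants to a real environment.

```python
"""Flag outbound IRC from database servers, and Internet-reachable SQL ports,
in firewall logs. Added example; log format and all addresses are constructed."""
import ipaddress
import re
from collections import defaultdict

# Assumption: IRC ports a bot is likely to use (6660-6669 plus 7000).
IRC_PORTS = set(range(6660, 6670)) | {7000}

# Assumption: database hosts that must never initiate IRC sessions.
DB_SERVERS = {"10.0.5.11", "10.0.5.12", "10.0.5.13"}

# Assumption: address space considered internal; anything else is "the web".
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]

# Constructed iptables-style log lines used as sample input.
SAMPLE_LOG = """\
May 20 03:12:01 fw kernel: ACCEPT IN=eth1 OUT=eth0 SRC=10.0.5.11 DST=203.0.113.7 PROTO=TCP SPT=1435 DPT=6667 SYN
May 20 03:12:01 fw kernel: ACCEPT IN=eth1 OUT=eth0 SRC=10.0.9.40 DST=198.51.100.2 PROTO=TCP SPT=33112 DPT=443 SYN
May 20 03:12:02 fw kernel: DROP IN=eth1 OUT=eth0 SRC=10.0.5.12 DST=203.0.113.7 PROTO=TCP SPT=1436 DPT=6667 SYN
May 20 03:12:05 fw kernel: ACCEPT IN=eth1 OUT=eth0 SRC=10.0.5.11 DST=203.0.113.9 PROTO=TCP SPT=1437 DPT=7000 SYN
May 20 03:12:07 fw kernel: ACCEPT IN=eth0 OUT=eth1 SRC=192.0.2.5 DST=10.0.5.13 PROTO=TCP SPT=4455 DPT=1433 SYN
May 20 03:12:09 fw kernel: ACCEPT IN=eth1 OUT=eth0 SRC=10.0.5.13 DST=10.0.1.20 PROTO=TCP SPT=1440 DPT=6667 SYN
"""

LINE_RE = re.compile(
    r"(?P<action>ACCEPT|DROP) IN=(?P<iface_in>\S*) OUT=(?P<iface_out>\S*) "
    r"SRC=(?P<src>\S+) DST=(?P<dst>\S+) PROTO=(?P<proto>\S+) "
    r"SPT=(?P<spt>\d+) DPT=(?P<dpt>\d+)"
)


def parse_line(line):
    """Parse one log line into a dict of fields; None if it does not match."""
    m = LINE_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["spt"] = int(rec["spt"])
    rec["dpt"] = int(rec["dpt"])
    return rec


def find_irc_from_db_servers(log_text, db_servers=DB_SERVERS, irc_ports=IRC_PORTS):
    """Return {src: [(dst, dport, action), ...]} for each database host that
    tried to open a TCP session to an IRC port. DROPs are reported as well:
    a blocked attempt still means the host is infected, only contained."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["proto"] != "TCP":
            continue
        if rec["src"] in db_servers and rec["dpt"] in irc_ports:
            hits[rec["src"]].append((rec["dst"], rec["dpt"], rec["action"]))
    return dict(hits)


def find_exposed_sql_ports(log_text, db_servers=DB_SERVERS, sql_ports=(1433,)):
    """Return [(src, dst, dport), ...] for accepted inbound connections to a
    database host's SQL port from an address outside INTERNAL_NETS."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["proto"] != "TCP" or rec["action"] != "ACCEPT":
            continue
        if rec["dst"] in db_servers and rec["dpt"] in sql_ports:
            src = ipaddress.ip_address(rec["src"])
            if not any(src in net for net in INTERNAL_NETS):
                hits.append((rec["src"], rec["dst"], rec["dpt"]))
    return hits


if __name__ == "__main__":
    for host, conns in sorted(find_irc_from_db_servers(SAMPLE_LOG).items()):
        print(f"{host}: {len(conns)} IRC connection attempt(s)")
        for dst, port, action in conns:
            print(f"  -> {dst}:{port} ({action})")
    for src, dst, port in find_exposed_sql_ports(SAMPLE_LOG):
        print(f"SQL port {dst}:{port} reachable from external host {src}")
```

Run against the constructed sample, this reports three database hosts attempting IRC (one of them only as a dropped attempt) and one accepted connection to port 1433 from an external address. A DROP on the IRC port is worth alerting on precisely because the host behind it is already compromised; the firewall rule only limits what the bot can do next.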


  1. Re:Microsoft always a target by Osty · Score: 5, Insightful

    Of course, their situation would be a lot simpler if they released source so that these things could be fixed by anyone as soon as a problem pops up

    Who says you need source to fix problems? In this case, it's as simple as setting a password for the sa user. Anyway, the point is moot because this only affects SQL Server 7 and older. SQL Server 2000 makes you jump through hoops if you want to leave the sa password blank (as well, SQL auth isn't even the default. Instead, Windows domain auth is the default). Anyway, the point here is that source is absolutely not required to fix this problem. Just a small amount of brainpower, that's all.

  2. Too Incompetent To Keep Their Job by Carnage4Life · Score: 5, Insightful
    IMHO, anybody who
    1. installs database software without setting the password (Heck, installs any software that has passwords without changing the default) and

    2. exposes their corporate database to the web
    is too incompetent to keep their job. I seriously believe that infections like this should start becoming yardsticks that system administrators are hired and fired against. Seriously, if your corporate network gets infected by Code Red, Sircam or this new SQL server worm it is a sign that somebody somewhere is not doing their job. This goes for UNIX boxen as well, if you're hit by a BIND, sendmail or wu-ftpd exploit then your sys admin is a waste of money and you are better off hiring some college kid who needs the experience. It'll be cheaper and you probably will get better service anyway.
    1. Re:Too Incompetent To Keep Their Job by Lumpy · Score: 5, Interesting

      You obviously don't deal with custom vertical apps, or the real world in particular.

      We have 5 SQL servers that are forced to run with no password, because our critical software that uses it is hard-coded to not have a password for SQL Server.

      I had asked the vendor 5 times within the past 3 years to change this, and then asked upper management to ask the vendor.

      What was I told? "It's not an important issue"

      So now I get to be spanked this Monday when 10 SQL servers all start to try and connect to IRC through the firewall.

      So in response to you, I am more competent than 60% of the MS admins in my state. But when you have your hands tied by management you can't do crap but grab a mop and clean up after management's messes all the time... (Examples? Outlook, trying to run 700,000 users on a MS email server cluster, and brain-dead morons wanting to have one super data center and pay for fat pipes to each office instead of having resources at each office. Hmmm, one disaster and this company is 100% screwed.)

      Oh, and your "yardsticks" comment...
      First, the manager of the IS department or even the CTO should be the one getting publicly fired, as they are usually the ones tying the hands of the admins and preventing them from doing their jobs.

      If a shop gets hit with any exploit, fire the manager first and the techs last.

      --
      Do not look at laser with remaining good eye.