Slashdot Mirror

← Back to Stories (view on slashdot.org)

New "SQLsnake" Microsoft Worm

Posted by ryuzaki0 on from the beware-the-worm-snake dept.

sevenn writes "A new worm, targeting the Microsoft SQL daemon, has been sweeping the net. It uses massive scanning, default passwords, exploits against vulnerable versions and even attempts to brute force passwords. Here is the (vague) Microsoft bulliten, the SANS analysis, and a securityfocus article" Already over a thousand compromised system- you're apparently only vulnerable if you run MS SQL, but the worm is causing a substantial spike in traffic to port 1433 on the net.

11 of 316 comments (clear)

  1. News? by xamel · · Score: 2, Funny

    &ltsarcasm&gt
    Holy shit! A flaw in microsoft software? How did this happen???Arent Microsoft systems the most secure systems available???
    &lt/sarcasm&gt

    --
    GOD DAMNIT , MODERATE ME!
  2. Microsofted by MongooseCN · · Score: 3, Funny

    I'm waiting for the day when people stop saying "We got another worm." and start saying "We just got Microsofted again".

    --


    Outdoor digital photography, mostly in New Engl
    1. Re:Microsofted by jc42 · · Score: 3, Funny

      I think the term is "Microshafted".

      --
      Those who do study history are doomed to stand helplessly by while everyone else repeats it.
  3. I hope nobody breaks the blank SA password by tmcmsail · · Score: 2, Funny

    Some of the DBA's I have worked with love a blank SA password. They also love to write scripts that attach with SA and a blank password. I hope this will teach them to stop being stupid...

    I guess they can use next.

    --

    What OS do you want to abuse today?

  4. In Other News by Diamon · · Score: 5, Funny

    A massive "unlocked door" worm has been ravaging users of Schlage locks. Aparrently hackers have been breaking into houses with Schlage locks installed. 9 out of 10 users were found to have installed the locks but never engaged the locking mechanism, and many times had left the key in the knob.

  5. Re:Nothing new by n9hmg · · Score: 2, Funny

    I've got the bandwidth. If we all set up something like this, maybe it'd hurt a little bit, and compromised systems will be slowed more, and maybe be noticed.
    /etc/services:1433 1433/tcp wormstomper #crapflood
    /etc/inetd.conf:wormstomper stream tcp nowait dd if=/dev/katz wormstomper

  6. Re:McAfee by morgajel · · Score: 4, Funny

    is that like gangsta?

    "chillin in the hood with the SQLSpida..."

    --
    Looking for Book Reviews? Check out Literary Escapism.
  7. WOULD IT KILL YOU TO FUCKING SPELL CORRECTLY! by Anonymous Coward · · Score: 1, Funny

    Christ, don't you ever READ what you post!!!

  8. I think 1000 is a pretty conservative estimate. by Zeekamotay · · Score: 2, Funny

    > Already over a thousand compromised system

    Grepping my firewall logs for hits to port 1433, I find 1078 hits since midnight, from 39 unique IP addresses.

    The majority appear to be dynamic residential addresses -- attbi.com, swbell.net, pacbell.net. Only a few resolve to static addresses. Here's one of the sites that probed me:

    http://210.90.207.4/admin.inc

    LMAO!

  9. Nice juxtaposition there by alex4point0 · · Score: 2, Funny

    Why The X-Box Network Will Fail

    New "SQLsnake" Microsoft Worm

    yuk yuk yuk etc

    --
    By the time you finish reading this sentence will end.
  10. Oh yeah... I see that one happening! by tommck · · Score: 3, Funny
    Either the Internet will be abandoned, or ...


    Well, I'll just wait here for that...


    *sharp intake of breath*
    ...
    *fires up his Flux Capacitor-powered Internet Users Counter (tm)*
    [number = 15 bazillion]
    *waits*
    [number = 16 bazillion]
    *waits*
    *getting faint. Can't see very well*
    "don't these people realize ... should ... force ... secure passw... in SQL Server!?"
    [number = 18 bazillion]
    *turns purple*
    "Must... abandon ... Internet!"
    [number = 20 bazillion]
    *passes out*
    [number = 25 bazillion]
    [number = 37 bazillion]
    [number = 46 bazillion]
    ....

    --
    ---- It puts the lotion on its skin or else it gets the hose again. It does this whenever it's told.