Slashdot Mirror

← Back to Stories (view on slashdot.org)

New "SQLsnake" Microsoft Worm

Posted by ryuzaki0 on from the beware-the-worm-snake dept.

sevenn writes "A new worm, targeting the Microsoft SQL daemon, has been sweeping the net. It uses massive scanning, default passwords, exploits against vulnerable versions and even attempts to brute force passwords. Here is the (vague) Microsoft bulliten, the SANS analysis, and a securityfocus article" Already over a thousand compromised system- you're apparently only vulnerable if you run MS SQL, but the worm is causing a substantial spike in traffic to port 1433 on the net.

3 of 316 comments (clear)

  1. McAfee by Triskaidekaphobia · · Score: 5, Informative

    McAfee's description. The AV vendors are calling it Spida, instead of snake.

  2. Digispid/SQLsnake by Scoria · · Score: 5, Informative

    Symantec has produced a more informative bulletin; however, they have entitled the worm "Digispid" as opposed to SQLsnake.

    --
    Do you like German cars?
  3. Re:Databases shouldn't be outside the firewall by ColdCuts · · Score: 5, Informative

    One of the things incidents.org points out (http://www.incidents.org/diary/diary.php?id=156) is that some microsoft products have sql server included as a hidden or optional install. Access 2000, Visio, even Visual Studio 6 had an option for installing MSDE. If installed, no password is set for the account.