Slashdot Mirror

← Back to Stories (view on slashdot.org)

New "SQLsnake" Microsoft Worm

Posted by ryuzaki0 on from the beware-the-worm-snake dept.

sevenn writes "A new worm, targeting the Microsoft SQL daemon, has been sweeping the net. It uses massive scanning, default passwords, exploits against vulnerable versions and even attempts to brute force passwords. Here is the (vague) Microsoft bulliten, the SANS analysis, and a securityfocus article" Already over a thousand compromised system- you're apparently only vulnerable if you run MS SQL, but the worm is causing a substantial spike in traffic to port 1433 on the net.

2 of 316 comments (clear)

  1. Re:In Other News by White+Roses · · Score: 3, Interesting
    Good point. I do actually think that a lot of clueless admins ought to be flogged with cat-5 until they wake up and close the door.

    On the other hand, you know when you've put a Schlage on your door. You can see it, it's "well documented," and it's obvious how you lock it down. Too much MS software isn't well documented, it's not obvious how you lock it down, and the most egregious point is that you might not be able to tell (easily) if it's been installed.

    Both are left unlocked by default after installation, though, so I can't point that out. But I think that MS is more like installing 100 locks on your door, some which are locked and some which aren't, some with keys and some without, and nothing to tell you which is which.

    --
    Do not touch -Willie
  2. Re:Thousand compromised? by wik · · Score: 5, Interesting
    It's not just stupid users. Maybe they buy a copy machine like the Xerox DocuTech. It's a powerful high-end copier. It's also not just a copy machine. It has an NT box and a Sparc running Solaris built into it. It also comes out of the manufacturer, wide open with security holes, trivial passwords and unpatched software. If you try to patch them and then ever have as service issue (don't tell me that things don't break), Xerox will gladly reinstall all of the loaded software. Bye bye, patches and passwords.

    http://online.securityfocus.com/archive/1/273029

    It's not just stupid users. Somebody chose this machine for the business and it's something that they NEED in order to function. Not only that, they may not have a (practical) way to keep it secure when you look at how the machine is really used. I'd sugggest reading the entire thread, because there are more juicy details into the security problems and politics associated with big machines like these.

    --
    / \
    \ / ASCII ribbon campaign for peace
    x
    / \