New "SQLsnake" Microsoft Worm

sevenn writes "A new worm, targeting the Microsoft SQL daemon, has been sweeping the net. It uses massive scanning, default passwords, exploits against vulnerable versions and even attempts to brute force passwords. Here is the (vague) Microsoft bulliten, the SANS analysis, and a securityfocus article" Already over a thousand compromised system- you're apparently only vulnerable if you run MS SQL, but the worm is causing a substantial spike in traffic to port 1433 on the net.

Re:Thousand compromised?

[wik]

It's not just stupid users. Maybe they buy a copy machine like the Xerox DocuTech. It's a powerful high-end copier. It's also not just a copy machine. It has an NT box and a Sparc running Solaris built into it. It also comes out of the manufacturer, wide open with security holes, trivial passwords and unpatched software. If you try to patch them and then ever have as service issue (don't tell me that things don't break), Xerox will gladly reinstall all of the loaded software. Bye bye, patches and passwords.

http://online.securityfocus.com/archive/1/273029

It's not just stupid users. Somebody chose this machine for the business and it's something that they NEED in order to function. Not only that, they may not have a (practical) way to keep it secure when you look at how the machine is really used. I'd sugggest reading the entire thread, because there are more juicy details into the security problems and politics associated with big machines like these.