MS SQL Server Worm Wreaking Havoc

defile writes "Since about midnight EST almost every host on the internet has been receiving a 376 byte UDP payload on port ms-sql-m (1434) from a random infected server. Reports of some hosts receiving 10 per minute or more. internetpulse.net is reporting UUNet and Internap are being hit very hard. This is the cause of major connectivity problems being experienced worldwide. It is believed this worm leverages a vulnerability published in June 2002. Several core routers have taken to blocking port 1434 outright. If you run Microsoft SQL Server, make sure the public internet can't access it. If you manage a gateway, consider dropping UDP packets sent to port 1434." bani adds "This has effectively disabled 5 of the 13 root nameservers."

Every Server, eh?

[thefluxster]

"Since about midnight EST almost every host on the internet has been receiving a 376 byte UDP payload on port ms-sql-m (1434) from a random infected server."

Is anyone else offended that this user thinks that EVERY server runs MS SQL or even Microsoft Anything? Our servers haven't been affected at all by this, FYI.

Re:Turn your SQL server off?

[The+AtomicPunk]

What a pathetic overkill response.If you're running SQL server, make sure it's patched. When the last set of bind exploits came out no-one said "Unplug all your DNS servers", why is this any different?

I guess we should expect this kind of general cluelessness from an MS SQL admin.