Oracle 'Worm' Exploit Modified

answers writes "Two months after an anonymous researcher released the first public example of an Oracle database worm, the exploit code has been advanced and republished, adding new techniques to attack databases. From the article: "It's still very theoretical right now, but I don't think any DBA should be underestimating the risk," said Alexander Kornbrust, CEO of Red-Database-Security GmbH. "If you're running a large company with hundreds of valuable databases, a worm can be very destructive. It is very possible to use this code to release a worm. I can do this right now if I wanted to.""

firewalls?

[mtenhagen]

How many oracle db's are connected directly to the internet? Even within most company's their isnt a direct connection option to the db but only thru an application.

Of course this is an exploit but the impact shouldn't be overrated.

Backup Data?

[Artie+Dent]

It seems that any "valuable database" would be sufficiently backed up in non-attackable media. So while it probably could create a lot of hassle, I'd have a hard time seeing this worm bringing down companies.