Thought this might be interesting.

----- Original Message -----
From: "Peter Tilbrook" <[EMAIL PROTECTED]>
To: "CF-Talk" <[EMAIL PROTECTED]>
Sent: Thursday, May 23, 2002 3:39 AM
Subject: SOT: SQL Server virus


> Worm hits SQL servers
>
> A NEW worm has infected thousands of servers running Microsoft SQL
> server, although security vendor Symantec says it is not a serious threat.
>
> The worm, known as Spida Worm, js.spida.b.worm, Double Tap and SQLSnake,
> searches for access to the databases via the default system administrator
> login, and then forwards database configuration information and the
> password database to an email address.
> As well as its security violations, it can create a huge traffic burden by
> running up to 100 scans simultaneously, for both local and remote hosts.
>
> Symantec has given the worm a rating of 2 on a scale of 1 to 5, but
> security software vendor ISS X-Force, which issued an alert on the worm,
> said it was responsible for millions of port scans on the internet so far.
> Incidents.org reports scans of the 1433 port, which the worm probes, had
> jumped dramatically since Monday, although they began to slow yesterday.
>
> Head of ISS's Global Threats Operations Centre, Dennis Treece, said it
> simply exploited the tendency to not reconfigure default system settings.
>
> "It's not a vulnerability of the software, which is usually the case with a
> Microsoft issue, it's actually... exploiting the fact that people are
> sometimes lazy and don't put a password on the account," Mr Treece said.
>
> The worm appeared to be forwarding database files to a mail-forwarding
> service in Singapore with the domain name postone.com
>
> ISS was trying to contact the administrators of the service, he said.
>
> The worm installs several files, including files named sqlprocess.js,
> sqlexec.js, and clemail.exe, into the Windows\system32 directory.
>
> 
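An added example, not part of the forwarded article or the original post: a defender-side check for the two observable behaviours the article describes, one host fanning out to many machines on port 1433 and the named files appearing in a system32 directory. The log layout, addresses, time window and threshold are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

MSSQL_PORT = 1433  # port the article says the worm probes
DROPPED = {"sqlprocess.js", "sqlexec.js", "clemail.exe"}  # names from the article
# Constructed sample; the "time src dst dport" layout is an assumed log format.
SAMPLE_LOG = """\
2002-05-22T10:00:01 10.0.0.5 192.0.2.10 1433
2002-05-22T10:00:02 10.0.0.5 192.0.2.11 1433
2002-05-22T10:00:03 10.0.0.5 192.0.2.12 1433
2002-05-22T10:00:04 10.0.0.5 192.0.2.13 1433
2002-05-22T10:00:05 10.0.0.5 192.0.2.14 1433
2002-05-22T10:00:06 10.0.0.9 192.0.2.50 1433
2002-05-22T10:00:07 10.0.0.9 192.0.2.50 1433
2002-05-22T10:00:08 10.0.0.7 192.0.2.10 80
garbled line
"""

def parse(log):
    for line in log.splitlines():
        parts = line.split()
        try:
            yield datetime.fromisoformat(parts[0]), parts[1], parts[2], int(parts[3])
        except (IndexError, ValueError):
            continue  # skip malformed lines

def scanning_sources(log, window=timedelta(seconds=60), min_targets=5):
    """Map each source to its peak count of distinct 1433 targets inside one window."""
    by_src = defaultdict(list)
    for ts, src, dst, port in parse(log):
        if port == MSSQL_PORT:
            by_src[src].append((ts, dst))
    flagged = {}
    for src, events in by_src.items():
        events.sort()
        start = best = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1  # slide the window forward
            best = max(best, len({d for _, d in events[start:end + 1]}))
        if best >= min_targets:
            flagged[src] = best
    return flagged

def dropped_files(paths):
    """Return paths whose file name is one the article lists, inside a system32 directory."""
    return [p for p in paths if PureWindowsPath(p).name.lower() in DROPPED
            and PureWindowsPath(p).parent.name.lower() == "system32"]
```

A database client that talks repeatedly to a single SQL Server (10.0.0.9 in the sample) counts as one target and stays below the threshold; only the fan-out pattern is reported.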