It spreads over UDP, destination port 1434 (which I think is used by MSSQL Monitor). The source port is the first high port the operating system hands out. The size of the whole worm, including the headers, the exploit and the propagation code, is 404 bytes. MSSQL Monitor runs with the privileges of the System user, and so the worm runs with them too... as does anyone who gets into the machine using an exploit against the same service. There are no additional effects (such as backdoors, etc.) in the worm. Nothing is written to the machine's hard disk, and no data of any kind is changed. A reasonably fast machine connected to 100mbps Ethernet generates about 40mbps of traffic. While the machine is infected you cannot connect to it with SQL Monitor, because the worm somehow blocks the service. It infects only MSSQL 2000 servers that do not have Service Pack 3 installed (which came out about a month ago) or the specific patch for the bug from July of last year. As usually happens, a patch has been available for half a year, but users have not installed it. Rebooting wipes the worm from memory.
For God's sake, brothers, patch on time.

BR,
Boyan

> -----Original Message-----
> From: raptor [mailto:[EMAIL PROTECTED]]
> Sent: Sunday, January 26, 2003 6:39 PM
> To: [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED]
> Subject: Re: lug-bg: now it's really screwed
>
> On Sun, 26 Jan 2003 16:04:01 +0200
> "Marian Popov" <[EMAIL PROTECTED]> wrote:
>
> |Can you tell me something more about this worm?
> |Is it for Linux or for Windows, or does it not matter and what
> |counts is that you have an SQL server?
>
> ]- Only for MS SQL, that is, only Windows. Other SQL servers are
> not affected...
> ============================================================================
> A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers).
> http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora
> To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html
> ============================================================================
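The traffic pattern described in the message above (404-byte datagrams to UDP port 1434, sent to many hosts) can be checked for in captured packets. This is an added example, not part of the original e-mail; the sample packets, addresses, source ports and the `min_targets` threshold are constructed assumptions.

```python
import struct
from collections import defaultdict

SQL_MONITOR_PORT = 1434   # UDP destination port named in the message
WORM_PACKET_LEN = 404     # total size including headers, per the message

def build_packet(src, dst, sport, dport, payload_len):
    """Constructed sample: minimal IPv4 + UDP datagram with zero-filled payload."""
    total = 20 + 8 + payload_len
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0, 64, 17, 0,
                     bytes(map(int, src.split("."))),
                     bytes(map(int, dst.split("."))))
    udp = struct.pack("!HHHH", sport, dport, 8 + payload_len, 0)
    return ip + udp + b"\x00" * payload_len

def parse_udp(packet):
    """Return (src, dst, sport, dport, total_len), or None if not well-formed IPv4/UDP."""
    if len(packet) < 28 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4
    total_len = struct.unpack("!H", packet[2:4])[0]
    if packet[9] != 17 or ihl < 20 or len(packet) < ihl + 8 or total_len != len(packet):
        return None
    sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
    src = ".".join(map(str, packet[12:16]))
    dst = ".".join(map(str, packet[16:20]))
    return src, dst, sport, dport, total_len

def suspected_sources(packets, min_targets=3):
    """Map each source that sent 404-byte datagrams to UDP/1434 at
    min_targets or more distinct hosts to its count of distinct targets."""
    targets = defaultdict(set)
    for pkt in packets:
        rec = parse_udp(pkt)
        if rec and rec[3] == SQL_MONITOR_PORT and rec[4] == WORM_PACKET_LEN:
            targets[rec[0]].add(rec[1])
    return {s: len(d) for s, d in targets.items() if len(d) >= min_targets}

# Constructed traffic: one host fanning out, one small SQL Monitor query,
# and one same-sized datagram to an unrelated port.
SAMPLE = (
    [build_packet("10.0.0.5", f"192.0.2.{i}", 1033, 1434, 376) for i in range(1, 6)]
    + [build_packet("10.0.0.9", "10.0.0.20", 1050, 1434, 1)]
    + [build_packet("10.0.0.5", "10.0.0.1", 1034, 53, 376)]
)

if __name__ == "__main__":
    print(suspected_sources(SAMPLE))
```

Matching on size and port alone is a coarse filter, so the fan-out threshold is what separates an infected host from a single oversized query.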
