This worm has about 44 megs of payload. The payload is MSSQL service pack 3. What if there are worse holes in it?
K

On Sat, 25 Jan 2003, Stewart, William C (Bill), SALES wrote:

>
> So the worm is sending out tons of UDP1434 packets
> that let it break into MS-SQL servers and reproduce,
> and that's certainly annoying because of the traffic floods.
> But is it carrying anything else that will do more damage,
> or anything that leaves it a security hole to be exploited later?
> It would be really annoying if machines that aren't cleaned up
> later reformat themselves or hang out waiting for further instructions.
>
> Also, several people have commented that restarting their
> MS-SQL servers stops the problem. Does it just stop the flooding,
> but leave code there, or does the worm strictly live in
> transitory data space that's really gone after a restart.
>
> Several people have talked about bursts of ICMP or 6667 traffic,
> and those are probably unrelated, but maybe not.
> (What? More than one cracker on the net or more than one
> program that chokes when overloaded? Who'd'a' thunk it!)
>
