-----Original Message-----
From: Russ [mailto:[EMAIL PROTECTED]] 
Sent: Saturday, January 25, 2003 3:47 AM
To: [EMAIL PROTECTED]
Subject: Re: URGENT: New SQL Worm?


Here's what TruSecure has gathered so far;

1. SQL Server 2000 and Microsoft SQL Desktop Engine (MSDE) 2000 are affected

2. MS02-039 patches the vulnerability this new worm is attacking. This fix
is also included in SQL Server SP3. 

3. Anyone who took the appropriate actions to protect against SQL-Spida is
protected against this worm. Those actions included;

a) Blocking inbound access to UDP1434, the SQL Server 2000 Resolution
Service port. This port is similar to the RPC End Point Mapper port
(TCP135) which redirects client requests for a server service to a
dynamically allocated port.

b) Patching

4. The biggest effect so far appears to be the amount of traffic generated.
Some reports indicate as much as 500Mbps of traffic caused by this worm. No
reports of the compromised systems being damaged have been sent (so far).
Overall Internet Latency was seriously affected overnight, but it appears to
be recovering;

http://average.miq.net/

5. Microsoft, the White House, the FBI, and CERT have all been notified;

http://story.news.yahoo.com/news?tmpl=story&u=/ap/20030125/ap_wo_en_po/na_gen_internet_attack_2

6. I personally have received over 10,000 attacks between midnight
(eastern) and 6:00am.

Cheers,
Russ - Surgeon General of TruSecure Corporation/NTBugtraq Editor
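
An added example, not part of the original message: one way to confirm that the inbound UDP 1434 block from item 3(a) is actually in effect, by tallying packets to that port per source and flagging any the filter accepted. The log format, the sample lines, the addresses (documentation ranges), the protected prefix and the function name are all constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample lines in a hypothetical firewall log format:
# <timestamp> <action> <proto> <src_ip>:<src_port> -> <dst_ip>:<dst_port>
SAMPLE_LOG = """\
2003-01-25T00:31:07 DROP UDP 198.51.100.7:1045 -> 192.0.2.10:1434
2003-01-25T00:31:07 DROP UDP 198.51.100.7:1045 -> 192.0.2.11:1434
2003-01-25T00:31:09 ACCEPT UDP 203.0.113.44:3120 -> 192.0.2.25:1434
2003-01-25T00:31:12 ACCEPT TCP 203.0.113.9:4021 -> 192.0.2.10:80
2003-01-25T00:31:15 DROP UDP 203.0.113.44:3120 -> 192.0.2.10:1434
2003-01-25T00:31:20 ACCEPT UDP 192.0.2.10:1029 -> 198.51.100.53:53
this line is malformed and is skipped
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>DROP|ACCEPT) (?P<proto>UDP|TCP) "
    r"(?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)

def audit_udp1434(log_text, protected_prefix="192.0.2."):
    """Tally inbound UDP/1434 packets per source and list any that were accepted."""
    per_source = Counter()
    allowed = []  # (timestamp, src, dst) for packets the filter let through
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["proto"] != "UDP" or m["dport"] != "1434":
            continue
        # Assumption: the protected network is identified by a simple address prefix.
        inbound = (m["dst"].startswith(protected_prefix)
                   and not m["src"].startswith(protected_prefix))
        if not inbound:
            continue
        per_source[m["src"]] += 1
        if m["action"] == "ACCEPT":
            allowed.append((m["ts"], m["src"], m["dst"]))
    return {"total": sum(per_source.values()),
            "per_source": dict(per_source),
            "allowed": allowed}

if __name__ == "__main__":
    report = audit_udp1434(SAMPLE_LOG)
    print("inbound UDP/1434 packets:", report["total"])
    for src, n in sorted(report["per_source"].items()):
        print(f"  {src}: {n}")
    for ts, src, dst in report["allowed"]:
        print(f"NOT BLOCKED {ts} {src} -> {dst}:1434")
```

Any entry in `allowed` marks a host that is still reachable on the Resolution Service port and should be checked against the patch level in item 2.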
