Gossamer Forum
Home : General : Databases and SQL :

SQL Server Worm

Quote Reply
SQL Server Worm
http://story.news.yahoo.com/...cmp/inw20030125s0001
========================================
Buh Bye!

Cheers,
Me
Quote Reply
Re: [Stealth] SQL Server Worm In reply to
Yup I heard about that the other day - its making my ftp transfers really slow :(
Quote Reply
Re: [Stealth] SQL Server Worm In reply to
Pretty scary stuff. Can you imagine the number of MS SQL servers that have been compromised, and all the data on it that could be affected? All those webstores that you visit... Yikes.

Cheers,

Alex
--
Gossamer Threads Inc.
Quote Reply
Re: [Alex] SQL Server Worm In reply to
"Symantec said the worm had infected at least 22,000 systems by 9 am Eastern time."

That is definitely scary..they weren't specific about how many individual servers were affected, but it's definitely scary.
========================================
Buh Bye!

Cheers,
Me
Quote Reply
Re: [Alex] SQL Server Worm In reply to
I really can't believe the big corporations not patching up their systems, though. There's been a fix for this available for 6 months and it still struck big named companies.

And for the US bank that knocked out it's ATM machines? I really don't get this one. Surely your ATM machines should be on a private closed network -- what were these doing connected up to the internet is beyond me.

- wil
Quote Reply
Re: [Wil] SQL Server Worm In reply to
Yea...it is absurd...the company that I work for was the only Windows customers at the data center where our servers are hosted that was not hit by the worm. Our tech support contacts were busy as bees today assisting other customers with re-building their SQL Servers.
========================================
Buh Bye!

Cheers,
Me
Quote Reply
Re: [Stealth] SQL Server Worm In reply to
So was Microsoft:

http://news.com.com/2100-1001-982305.html

=)

Cheers,

Alex
--
Gossamer Threads Inc.
Quote Reply
Re: [Alex] SQL Server Worm In reply to
Thanks for the article, Alex. I shared it with some of my co-workers...we had a good laugh...
========================================
Buh Bye!

Cheers,
Me
Quote Reply
Re: [Stealth] SQL Server Worm In reply to
I just read a good article on this worm:

http://www.caida.org/...pphire/sapphire.html

A nice quote from the bugtraq post:

Quote:
We have completed our preliminary analysis of the spread of the Sapphire/Slammer SQL worm. This worm required roughly 10 minutes to spread worldwide making it by far the fastest worm to date. In the early stages the worm was doubling in size every 8.5 seconds. At its peak, achieved approximately 3 minutes after it was released, Sapphire scanned the net at over 55 million IP addresses per second. It infected at least 75,000 victims and probably considerably more.

Just staggering. Got through 90% of the internet in 10 minutes. Top that google. =)

Cheers,

Alex
--
Gossamer Threads Inc.
Quote Reply
Re: [Alex] SQL Server Worm In reply to
Heh, I bet they end up employing the person who wrote it ;)
Quote Reply
Re: [Stealth] SQL Server Worm In reply to
Yeah, I work for a very large corporation, and my team supports 700+ servers across the US. I got called during kickoff of the Superbowl, and had to go into the office! Mad I was there until early morning of the next day. Our network team blocked the UDP traffic on our routers, so that helped tremendously while we patched our servers.

Sean
Quote Reply
Re: [SeanP] SQL Server Worm In reply to
Then you'll know next time to patch your servers with readily-available patches before it becomes a problem? :-)

/me ducks.

- wil
Quote Reply
Re: [Wil] SQL Server Worm In reply to
The first patch we received from Microsoft was a manual patch which involved overwriting dlls and such, and was a major pain. They then release an automatic patch that was a simple install which made things much easier. Cool

Sean

Last edited by:

SeanP: Feb 4, 2003, 9:19 AM