SQL Worm Causes Chaos

By Pete | @kingpetey | 26 Jan 2003

A virus targeting Microsoft SQL server is causing chaos around the world because of the high traffic it is producing. The worm takes advantage of a vulnerability in Microsoft?s SQL Server 2000 allowing affected SQL Servers to send the dangerous packet to other affected SQL Server throughout the world. This results in massive amounts of network traffic causing servers to become very slow or fail.

The virus resides in the memory of the infected machine and so virus scanners that don?t search the memory will not detect the virus. The virus keeps sending 367 bytes of random code across port 1434/UDP until the server crashes.

However this vulnerability isn?t a new problem and Microsoft released a security fix over 6 months ago. The fix can be found here . The virus is easy to cure with this patch and any admin who thinks that their server is infected in advised to install the patch. Admins are also advised to block port 1434/UDP with their firewalls or their ISPs routers to stop the attacks.

The worm has caused problems especially with DNS servers and many people found yesterday that the internet was slow or certain webpages were inaccessible. Questions will be asked of Microsoft and of server admins as to why such a security hazard happened this weekend.

Links

here
here
here
here

[Last edited on January 26, 2003 at 2:27:54pm by pwhite]