|
 |
|
 |
| Tuesday, February 07, 2012
|
| Register Login |
 |
|
|
|
|
Users currently online
|
 |
|
|
|
 |
Membership: |
 |
Latest:
kevin |
 |
New Today:
0 |
 |
New Yesterday:
0 |
 |
Overall:
56 |
 |
People Online: |
 |
Visitors:
7 |
 |
Members:
0 |
 |
Total:
7 |
Online Now:
|
|
|
|
|
|
|
|
|
|
Welcome to the Viruswarning forums. All your original content has been ported to the new forums as well as new content and additional opportunities to interact with the authors of Viruswarn.com. You can always access old content at www.leedrake.com/forum . You may find some formatting was lost in the conversion and the older versions of the posts to be more readable....
But at least it's all here.
Enjoy!
|
|
|
|
|
|
Viruswarn Forums
|
|
|
|
|
| You are not authorized to post a reply.
|
|
| Author |
Messages |
|
Lee Drake
Posts:238
 |
| 01/25/2003 4:49 PM |
|
| What Is It?
There is a new worm similar to the CODE RED worm, only this one targets SQL Server installations. The worm will infect a SQL Server or MSDE runtime environment and install code on it which will scan for other available SQL Server installations and attempt to infect them. This virus is a RAPID SPREADING VIRUS. Immediate action should be taken to protect your systems. The latest Norton Antivirus will detect and prevent infection, as will MS SQL Server service pack 2 or better. Service pack 3 provides the best detection and prevention and was recently released.
The virus sends out so many packets that it creates a denial of service on the exposed SQL Server. If you're experiencing slow response time from your SQL Server it may well be infected. Remember that Microsoft Access version 2000 or XP both allow an optional install of MSDE. If you've installed MSDE and the service is running YOU ARE VULNERABLE!
What Should You Do?
Use HFNETCHK (available from www.microsoft.com/security) or go to http://www.microsoft.com/sql/downloads/2000/sp3.asp to download the latest version of SQL Server SP3, and apply it according to the instructions.
If you have a firewall you can hide port 1433 from the outside internet to prevent packets from going through to the service control port on SQL Server. You can also change that port by reconfiguring SQL Server to use a different port. If you're not sure how to do this, at least shut down your SQL Server or MSDE environment until you can get it patched and protected
Additional Information
Norton notes on this worm: http://www.sarc.com/avcenter/venc/data/w32.sqlexp.worm.html
McAfee notes on this worm: http://vil.mcafee.com/dispVirus.asp?virus_k=99992
This concludes this VirusWarning notice, dated Thursday 1/25/2002
Lee Drake
Aztek Computer Solutions, Inc.
39 N. Goodman St.
Rochester, NY 14607
585-242-2060
ldrake@aztekcs.net
|
|
|
|
|
Lee Drake
Posts:238
|
| 01/25/2003 4:49 PM |
|
| Note the following NEW information about this worm:
1) You need BOTH Service pack 2 for SQL Server AND the patch MS02-061. JUST HAVING SP2 is NOT adequate protection. This applies to both SQL Server and MSDE. If you're not going to apply SP3, then be sure to get MS02-061 at:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS02-061.asp
and
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q316333&sd=tech
You can obtain SP2 at:
http://www.microsoft.com/sql/downloads/2000/sp2.asp?SD=TECH&LN=en-us&gssnb=1
2) There is not, yet, an MSDE version of SP3 - you will need to apply the above fixes for MSDE.
Lee Drake
ldrake@aztekcs.net
|
|
|
|
|
|
| You are not authorized to post a reply. |
|
|
|
ActiveForums 3.6
|
|
|
|
|
|
|
|
|
|
|
|