MS SQL Worm Roundup
by HNS Staff - last update: 29 January 2003,11:20 AM CET


Internet Storm Centar (SANS) - Port 1434 MS-SQL Worm Analysis and Spread Graphs

Starting 06:30 UTC ( 00:30 EST ) on Saturday Jan 25th 2003, worldwide traffic for port 1434 UDP increased rapidly causing major Internet links to fail. ISPs responded quickly by blocking port 1434. While traffic is still strong in some areas. It dropped significantly since its peak. About 35,000 hosts seem to be infected at this point.



Matthew Murphy's Homepage - Analysis of Sapphire SQL Worm

When an SQL server is infected by this worm, the worm immediately sets up a stack frame with information that it needs for propogation. It locates the GetTickCount API as well as several other WinSock APIs. It does not search for the LoadLibraryA and GetProcAddress APIs, and instead locates them by searching the IAT of sqlsort.dll...



Veritas Support Center - SQL Slammer Causes MSDE Components Included with Backup Exec 9.0 and ExecView 3.1 to Flood the Network

VERITAS Technical Support has recently discovered that Backup Exec 9.0 servers may be susceptible to infection by the "W32.SQLExp.Worm" (also known as "SQL Slammer" discovered 1/24/2003). This TechAlert is to inform you of the circumstances and/or conditions under which this problem could occur and to provide the remedy for it.



Virus vendors on the MS SQL worm

Sophos: W32/SQLSlam-A

Kaspersky Lab: Worm.SQL.Helkern (aka SQLSlammer)

RAV: Win32/SQLSlammer.worm

BitDefender: Win32.Worm.SQLExp.Slammer.A

McAfee: W32/SQLSlammer.worm

F-Secure: Sapphire Worm

Norman: W32/SQLSlammer.A

NOD32: Worm Win32/SQL.Slammer

Symantec: W32.SQLExp.Worm

Trend Micro: WORM_SQLP1434.A

Press Release: New Code Red-Like Hacking Tool to "Slam" SQL Servers

Press Release: New Worm Slams The Internet - Hard

Press Release: Panda Software alerts on W32/SQLSlammer

Press Release: Panda: The First and Only Antivirus Developer to Integrate Protection Against SQLSlammer Type Worms

Spotlight

Android Fake ID bug allows malware to impersonate trusted apps

Posted on 29 July 2014.  |  Bluebox Security researchers unearthed a critical Android vulnerability which can be used by malicious applications to impersonate specially recognized trusted apps - and get all the privileges they have - without the user being none the wiser.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Tue, Jul 29th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //