
SQL Worm Overwhelms Global Internet Systems over the night

by Nikola Strahija on January 26th, 2003

Traffic on many parts of the Internet slowed dramatically for hours early Saturday, the apparent effects of a fast-spreading, virus-like infection that overwhelmed the world's digital pipelines and interfered with Web browsing and delivery of e-mail. Sites monitoring the health of the Internet reported significant slowdowns globally.


Experts said the electronic attack bore remarkable similarities to the "Code Red" virus during the summer of 2001, which also ground traffic to a halt on much of the Internet. "It's not debilitating," said Howard Schmidt, President Bush's No. 2 cyber-security adviser. "Everybody seems to be getting it under control." Schmidt said the FBI's National Infrastructure Protection Center and private experts at the CERT Coordination Center were monitoring the attacks.

The virus-like attack, which began about 12:30 a.m. EST, sought out vulnerable computers on the Internet to infect using a known flaw in popular database software from Microsoft Corp., called "SQL Server 2000." But the attacking software code was scanning for victim computers so randomly and so aggressively — sending out thousands of probes each second — that it overwhelmed many Internet data pipelines.

"This is like Code Red all over again," said Marc Maiffret, an executive with eEye Digital Security, whose engineers were among the earliest to study samples of the attack software. "The sheer number of attacks is eating up so much bandwidth that normal operations can't take place."

"The impact of this worm was huge," agreed Ben Koshy of W3 International Media Ltd., which operates thousands of Web sites from its computers in Vancouver. "It's a very significant attack." Koshy added that, about six hours after the attack, commercial Web sites that had been overwhelmed were starting to come back online as engineers began effectively blocking the malicious data traffic. ...continued...

Read what F-Secure has to say: http://www.snpx.com/cgi-bin/news2.cgi?target=http://c.moreover.com/click/here.pl?j58438881

Applying Patches - This malware exploits known vulnerabilities in Microsoft SQL Server 2000. McAfee is recommending that system admins apply the patches MS02-034 (http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS02-034.asp) and MS02-039 (http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS02-039.asp), available from Microsoft, and restart the server. This will clear the virus from memory and prevent reinfection.

Temporary Blocking of UDP Port 1434 - As a temporary workaround until systems are patched, system admins can block UDP port 1434 to prevent external attackers from exploiting this vulnerability.
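While the block and patches are rolled out, flow records can show which hosts are already sending probes: a source that hits UDP port 1434 on many distinct destinations within a short window matches the scanning behaviour described above. The following is an added example, not part of the original article; the log format, addresses, and thresholds are constructed assumptions.

```python
from collections import defaultdict, deque

PROBE_PORT = 1434            # UDP port named in the article
WINDOW_SECONDS = 1.0         # assumed sliding window
MIN_DISTINCT_TARGETS = 5     # assumed threshold, kept low for the small sample

# Constructed flow records, sorted by time: "seconds proto src dst dst_port"
SAMPLE_FLOWS = """\
100.00 udp 10.0.5.20 198.51.100.7 1434
100.05 udp 10.0.5.20 203.0.113.90 1434
100.10 udp 10.0.5.31 10.0.9.4 1434
100.12 udp 10.0.5.20 192.0.2.14 1434
100.20 udp 10.0.5.20 198.51.100.201 1434
100.25 tcp 10.0.5.31 10.0.9.4 1433
100.31 udp 10.0.5.20 203.0.113.5 1434
100.40 udp 10.0.5.20 192.0.2.77 1434
100.90 udp 10.0.5.31 10.0.9.4 1434
truncated-record
101.50 udp 10.0.5.44 192.0.2.1 1434
103.50 udp 10.0.5.44 192.0.2.2 1434
"""

def parse_flow(line):
    """Return (ts, proto, src, dst, dport), or None for a malformed line."""
    parts = line.split()
    if len(parts) != 5:
        return None
    try:
        return float(parts[0]), parts[1].lower(), parts[2], parts[3], int(parts[4])
    except ValueError:
        return None

def find_scanners(lines, window=WINDOW_SECONDS, min_targets=MIN_DISTINCT_TARGETS):
    """Map source -> peak number of distinct UDP/1434 targets seen in one window."""
    recent = defaultdict(deque)      # src -> (ts, dst) pairs still inside the window
    peak = {}
    for rec in map(parse_flow, lines):
        if rec is None or rec[1] != "udp" or rec[4] != PROBE_PORT:
            continue                 # skip malformed lines and unrelated traffic
        ts, _, src, dst, _ = rec
        q = recent[src]
        q.append((ts, dst))
        while ts - q[0][0] > window: # expire entries older than the window
            q.popleft()
        peak[src] = max(peak.get(src, 0), len({d for _, d in q}))
    return {src: n for src, n in peak.items() if n >= min_targets}

if __name__ == "__main__":
    print(find_scanners(SAMPLE_FLOWS.splitlines()))
```

A client that repeatedly queries one known SQL server on port 1434 stays at a count of one and is not flagged; only the fan-out across many destinations is.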

It is all kind of ironic that this massive attack should occur so soon after Bill Gates issued his Security in a Connected World email, and that the worm was able to infect and inflict such damage using a KNOWN FLAW in the popular "Microsoft SQL Server 2000." On the good side of things, at least MS did have the patches out long before the worm started. So kudos to MS and a slap on the head for the system admins that were infected because they were not keeping up with their patches.

