Post reply

SQL Worm?

  • January 25, 2003 at 1:48 am

    #64493

    We have seen a big problem with major latency due to SQL server scans according to upstream providers. Has anyone seen any issues or informations?!

    Thanks,

    Neil

  • January 25, 2003 at 3:49 am

    #447219

    Yes actually, our sysadmin scanned 1/2 gig of logs to figure out there is a new worm out there that is circulating .... and is written so well that it will fully saturate your pipe. There are massive ddos attacks that are mounted from this, then it tries to replicate.

  • January 25, 2003 at 4:39 am

    #447220

    Have you been able to find a resolution to cleaning the worm or a way of pinpointing what machines are infected and which aren't?

  • January 25, 2003 at 9:30 am

    #447223

    best info to date that I have found:

    http://www.eeye.com/html/Research/Flash/AL20030125.html

    patch:

    http://www.microsoft.com/Downloads/details.aspx?displaylang=en&FamilyID=DCFDCBE9-B4EB-4446-9BE7-2DE45CFA6A89

  • January 25, 2003 at 9:58 am

    #447224

    It attacks a vulnerability reported in MS02-039. Service Pack 3 includes the patch.

    K. Brian Kelley

    http://www.truthsolutions.com/

    Author: Start to Finish Guide to SQL Server Performance Monitoring

    http://www.netimpress.com/shop/product.asp?ProductID=NI-SQL1

    K. Brian Kelley
    @kbriankelley

  • January 25, 2003 at 10:06 am

    #447225

    does this affect sql server 7 also? or does it affect only sql 2000 machines

    Paras Shah

    Evision Technologies

    Mumbai, India


    Paras Shah
    Evision Technologies
    Mumbai, India

  • January 26, 2003 at 2:13 pm

    #447235

    The original commented vulnerability only reported that SQL Server 2000 versions were vulnerable. Block UDP port 1434 at the firewall to be safe.

    K. Brian Kelley

    http://www.truthsolutions.com/

    Author: Start to Finish Guide to SQL Server Performance Monitoring

    http://www.netimpress.com/shop/product.asp?ProductID=NI-SQL1

    K. Brian Kelley
    @kbriankelley

  • January 27, 2003 at 2:15 am

    #447248

    Hello,

    We have had the same problem this week-end.

    The resolution is to apply SP3 on MSSQL 2000, or Q323875 hotfix.

    But, it should be a memory problem with the HotFix.

    Alexis

    DBA, Philip Morris

  • January 27, 2003 at 1:44 pm

    #447344

    I tried the hotfix, but it's not working on my XP box. I currently have SQL 2000 SP2 on it. Has anyone got it to work?

    I'd try SP3, but we had a terrible time getting the MSDE SP2 merge modules, and I'm not convinced we can get them this time. If we can't get them for SP3, SP3 is not a solution for us.

    Steve



    Steve Miller

  • January 27, 2003 at 2:21 pm

    #447346

    There is also a standalone patch for this bug. Check out microsoft.com Q323875 hotfix.

    Paras Shah

    Evision Technologies

    Mumbai, India


    Paras Shah
    Evision Technologies
    Mumbai, India

  • January 28, 2003 at 12:20 pm

    #447392

    Look for MS02-061 there is an updated version that is a rollup of all prior and is in installer format so it's easy to fix.

    Supposedly McAfee has a way to remove the virus, but if you patch the machine and reboot it's gone.

    Note you MUST be at SP2 to apply this patch, it affects SQL2k and MSDE.

    This patch brings you to the latest pre SP3.

    KlK, MCSE

    Edited by - kknudson on 01/28/2003 12:20:43 PM


    KlK

Viewing 11 posts - 1 through 10 (of 10 total)

You must be logged in to reply to this topic. Login to reply