No, it's not SPIDA. Had it been, he wouldn't have been able to log on as SA from another system, which he was able to do. Spida changes the password and attacks the sa account when no password is set.

K. Brian Kelley

http://www.truthsolutions.com/

Author: Start to Finish Guide to SQL Server Performance Monitoring

http://www.netimpress.com/shop/product.asp?ProductID=NI-SQL1