No, it's not SPIDA. Had it been, he wouldn't have been able to log on as SA from another system, which he was able to do. Spida changes the password and attacks the sa account when no password is set.
K. Brian Kelley
http://www.truthsolutions.com/
Author: Start to Finish Guide to SQL Server Performance Monitoring
http://www.netimpress.com/shop/product.asp?ProductID=NI-SQL1
K. Brian Kelley
@kbriankelley