SQL Server Worm on the Loose
A new worm that attacks the popular Microsoft database product is spreading rapidly on the Internet and is showing no signs of slowing down, infecting at a rate of about 100 systems per hour.A new worm that attacks a popular Microsoft Corp. database product is spreading rapidly on the Internet and is showing no signs of slowing down, security experts say. The worm began spreading Monday afternoon and is attacking servers running any version of Microsofts SQL Server database software, according to officials at SecurityFocus, a provider of threat management systems. The company first began seeing infections late Monday afternoon and has seen a total of about 1,400 to 1,600 so far, with new infections coming at the rate of about 100 per hour. Riptech Inc., a managed security services provider based in Alexandria, Va., said it has seen a 100-fold increase in the number of unique IP addresses scanning for SQL machines in the past 24 hours.
The worm scans the Internet for machines running SQL Server that dont have a password specified. It then either takes a guest account or creates a new account and gives it administrative privileges. The worm then changes the password.