[MLB-WIRELESS] Fw: URGENT: New SQL Worm?

Sun Jan 26 00:56:55 EST 2003

for the info of people on this list who may be affected....

Signed,
Steven Haigh
http://wireless.org.au
(Visit https://wireless.org.au to install our Root Certificate.)

You can lead a fool to wisdom but you can't make him think.

----- Original Message -----
From: "Russ" <Russ.Cooper at RC.ON.CA>
To: <NTBUGTRAQ at LISTSERV.NTBUGTRAQ.COM>
Sent: Saturday, January 25, 2003 10:47 PM
Subject: Re: URGENT: New SQL Worm?

> Here's what TruSecure has gathered so far;
>
> 1. SQL Server 2000 and Microsoft SQL Desktop Engine (MSDE) 2000 are
> affected
>
> 2. MS02-039 patches the vulnerability this new worm is attacking. This
> fix is also included in SQL Server SP3.
>
> 3. Anyone who took the appropriate actions to protect against SQL-Spida
> is protected against this worm. Those actions included;
>
> a) Blocking inbound access to UDP1434, the SQL Server 2000 Resolution
> Service port. This port is similar to the RPC End Point Mapper port
> (TCP135) which redirects client requests for a server service to a
> dynamically allocated port.
>
> b) Patching
>
> 4. The biggest effect so far appears to be the amount of traffic
> generated. Some reports indicate as much as 500Mbps of traffic caused by
> this worm. No reports of the compromised systems being damaged have been
> sent (so far). Overall Internet Latency was seriously affected
> overnight, but it appears to be recovering;
>
> http://average.miq.net/
>
> 5. Microsoft, the White House, the FBI, and CERT have all been notified;
>
> http://story.news.yahoo.com/news?tmpl=story&u=/ap/20030125/ap_wo_en_po/n
> a_gen_internet_attack_2
>
> 6. I personally have received over 10,000 attacks between midnight
> (eastern) and 6:00am.
>
> Cheers,
> Russ - Surgeon General of TruSecure Corporation/NTBugtraq Editor
>
>
oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
> Delivery co-sponsored by TruSecure Corporation
>
oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
> TICSA - Anniversary Special - Limited Time
>
> Become TICSA certified for just $221.25 US when you register before
3/31/03
> with PROMO "TS0103" at www.2test.com.  NO membership fees, certification
> good for 2 years. Price for international delivery just $296.25 US, with
> this offer.  Offer cannot be combined with any other special and expires
> 3/31/03. Visit www.trusecure.com/ticsa for full details.
>
>
oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
>

To unsubscribe: send mail to majordomo at wireless.org.au
with "unsubscribe melbwireless" in the body of the message