[MLB-WIRELESS] Fw: URGENT: New SQL Worm?

Michael Carey mcarey4 at bigpond.net.au
Sun Jan 26 16:03:07 EST 2003 

I just took a look at the system log on my SnapGear router. Lots and lots
and lots and lots of request on port 1434.  Nasty business that!
Regards,
Michael.

----- Original Message -----
From: "Steven Haigh" <netwiz at optusnet.com.au>
To: "Melbourne Wireless" <melbwireless at wireless.org.au>
Sent: Sunday, January 26, 2003 12:26 AM
Subject: [MLB-WIRELESS] Fw: URGENT: New SQL Worm?


> for the info of people on this list who may be affected....
>
> Signed,
> Steven Haigh
> http://wireless.org.au
> (Visit https://wireless.org.au to install our Root Certificate.)
>
> You can lead a fool to wisdom but you can't make him think.
>
>
> ----- Original Message -----
> From: "Russ" <Russ.Cooper at RC.ON.CA>
> To: <NTBUGTRAQ at LISTSERV.NTBUGTRAQ.COM>
> Sent: Saturday, January 25, 2003 10:47 PM
> Subject: Re: URGENT: New SQL Worm?
>
>
> > Here's what TruSecure has gathered so far;
> >
> > 1. SQL Server 2000 and Microsoft SQL Desktop Engine (MSDE) 2000 are
> > affected
> >
> > 2. MS02-039 patches the vulnerability this new worm is attacking. This
> > fix is also included in SQL Server SP3.
> >
> > 3. Anyone who took the appropriate actions to protect against SQL-Spida
> > is protected against this worm. Those actions included;
> >
> > a) Blocking inbound access to UDP1434, the SQL Server 2000 Resolution
> > Service port. This port is similar to the RPC End Point Mapper port
> > (TCP135) which redirects client requests for a server service to a
> > dynamically allocated port.
> >
> > b) Patching
> >
> > 4. The biggest effect so far appears to be the amount of traffic
> > generated. Some reports indicate as much as 500Mbps of traffic caused by
> > this worm. No reports of the compromised systems being damaged have been
> > sent (so far). Overall Internet Latency was seriously affected
> > overnight, but it appears to be recovering;
> >
> > http://average.miq.net/
> >
> > 5. Microsoft, the White House, the FBI, and CERT have all been notified;
> >
> > http://story.news.yahoo.com/news?tmpl=story&u=/ap/20030125/ap_wo_en_po/n
> > a_gen_internet_attack_2
> >
> > 6. I personally have received over 10,000 attacks between midnight
> > (eastern) and 6:00am.
> >
> > Cheers,
> > Russ - Surgeon General of TruSecure Corporation/NTBugtraq Editor
> >
> >
>
oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
> > Delivery co-sponsored by TruSecure Corporation
> >
>
oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
> > TICSA - Anniversary Special - Limited Time
> >
> > Become TICSA certified for just $221.25 US when you register before
> 3/31/03
> > with PROMO "TS0103" at www.2test.com.  NO membership fees, certification
> > good for 2 years. Price for international delivery just $296.25 US, with
> > this offer.  Offer cannot be combined with any other special and expires
> > 3/31/03. Visit www.trusecure.com/ticsa for full details.
> >
> >
>
oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
> >
>
>
> To unsubscribe: send mail to majordomo at wireless.org.au
> with "unsubscribe melbwireless" in the body of the message
>


To unsubscribe: send mail to majordomo at wireless.org.au
with "unsubscribe melbwireless" in the body of the message

More information about the Melbwireless mailing list