Not too off topic. I posted this to the [EMAIL PROTECTED] list a day or so back 
and it's covered in the latest issue of Fusion Authority. As many CF programmers and 
shops use SQL, it's an important security issue. Thanks for posting it.


> Worm hits SQL servers
> 
> A NEW worm has infected thousands of servers running Microsoft SQL
> server, although security vendor Symantec says it is not a serious threat.
> 
> The worm, known as Spida Worm, js.spida.b.worm, Double Tap and SQLSnake,
> searches for access to the databases via the default system administrator
> login, and then forwards database configuration information and the password
> database to an email address.
> As well as its security violations, it can create a huge traffic burden by
> running up to 100 scans simultaneously, for both local and remote hosts.
> 
> Symantec has given the worm a rating of 2 on a scale of 1 to 5, but Security
> software vendor ISS X-Force, which issued an alert on the worm, said it was
> responsible for millions of port scans on the internet so far. Incidents.org
> reports scans of the 1433 port, which the worm probes, had jumped
> dramatically since Monday, although they began to slow yesterday.
> 
> Head of ISS's Global Threats Operations Centre, Dennis Treece, said it
> simply exploited the tendency to not reconfigure default system settings.
> 
> "It's not a vulnerability of the software, which is usually the case with a
> Microsoft issue, it's actually... exploiting the fact that people are
> sometimes lazy and don't put a password on the account," Mr Treece said.
> 
> The worm appeared to be forwarding database files to a mail-forwarding
> service in Singapore with the domain name postone.com.
> 
> ISS was trying to contact the administrators of the service, he said.
> 
> The worm installs several files, including files named sqlprocess.js,
> sqlexec.js, and clemail.exe, into the Windows\system32 directory.
> 
> 