-Caveat Lector- ***************************************************************** ****************** SYMANTEC SECURITY ALERT ********************** ************ Alert! W32.SQLExp.Worm Category 3 ***************** *****************************************************************
WARNING: W32.SQLExp.Worm Threat level: Category 3 Type: Worm ************************************************** What is W32.SQLExp.Worm and how does it affect me? ************************************************** W32.SQLExp.Worm targets systems running Microsoft SQL Server 2000, as well as Microsoft Desktop Engine (MSDE) 2000. The worm sends 376 bytes to UDP port 1434, the SQL Server Resolution Service Port. Symantec Security Response has detected a significant increase in the unique number of source IPs scanning for UDP port 1434. Symantec Security Response highly recommends all users of either Microsoft SQL Server 2000 or MSDE 2000 audit their machines for the vulnerabilities referred to in Microsoft Security Bulletin MS02-039 and Microsoft Security Bulletin MS02-06. Microsoft Security Bulletin MS02-039 http://www.microsoft.com/technet/treeview/default.asp? url=/technet/security/bulletin/MS02-039.asp Microsoft Security Bulletin MS02-06 http://www.microsoft.com/technet/treeview/default.asp? url=/technet/security/bulletin/MS02-061.asp Symantec Security Response also recommends configuring perimeter devices to block UDP traffic to port 1434 from unknown hosts. The worm has the unintended payload of performing a Denial of Service due to the large number of packets it sends out. ************************************************** WHAT ACTION CAN I TAKE FROM HERE? ************************************************** Because the worm is only resident in memory, and is not written to disk, it is not detectable using virus definitions. Symantec Security Response has provided a tool to remove infections of W32.SQLexp.Worm. Click here to obtain the tool: http://securityresponse.symantec.com/avcenter/venc/data/w32.sqlexp.w orm.removal.tool.html Symantec Security Response encourages all Norton AntiVirus users to regularly download virus definitions in order to protect against future threats. For more information on how to run LiveUpdate, please go here: http://service1.symantec.com/SUPPORT/sharedtech.nsf/docid/1999121613 163206 <UPGRADE CUSTOMERS> If you have an older version of Norton AntiVirus and would like to upgrade to Norton AntiVirus 2003, please go here: http://nct.symantecstore.com/0001/upgrade_center.html <NEW CUSTOMERS> If you would like to purchase Norton AntiVirus 2003, Please go here: http://www.symantecstore.com/51410/nav ************************************************** Sincerely, Symantec Security Response Team Symantec Corporation ****************** Scan for Viruses. Free! ******************** Free Service. Check your system online using Symantec's award- winning virus detection technology to determine if it is infected by any known virus or Trojan horse. Click Here -> http://www.symantec.com/securitycheck ********************* Special Offers ************************* Visit the Symantec Store Web site for comprehensive security solutions and special Symantec promotions. Click Here -> http://www.symantecstore.com/51410 For non-English products, please visit our global store at: http://www.symantecstore.com/global/ *********** Subscribe to Symantec Security Alert *************** Subscribe to the Symantec Security Alert to find out about the latest worms, viruses and Trojans. Click here to subscribe: http://nct.symantecstore.com/virusalert ****************************************************************** Copyright (c) 1995-2003 Symantec Corporation. All rights reserved. Other brands and products are trademarks of their respective holder(s). DO NOT REPLY TO THIS MESSAGE. If you require Customer Service or Technical Support, please check the Symantec Web site for contact information at http://www.symantec.com Should you wish not to receive this Symantec Security Alert Service, simply unsubscribe or change your e-mail address at: http://www.digitalriver.com/v2.0-bin/ecm/opt-out?uid=fks2bz2bz9yekvhj7 For information on Symantec's Return Policy, please click here: http://www.symantecstore.com/return_policy Symantec Corporation 20330 Stevens Creek Boulevard Cupertino, CA 95014 <A HREF="http://www.ctrl.org/">www.ctrl.org</A> DECLARATION & DISCLAIMER ========== CTRL is a discussion & informational exchange list. Proselytizing propagandic screeds are unwelcomed. Substance—not soap-boxing—please! These are sordid matters and 'conspiracy theory'—with its many half-truths, mis- directions and outright frauds—is used politically by different groups with major and minor effects spread throughout the spectrum of time and thought. That being said, CTRLgives no endorsement to the validity of posts, and always suggests to readers; be wary of what you read. CTRL gives no credence to Holocaust denial and nazi's need not apply. Let us please be civil and as always, Caveat Lector. ======================================================================== Archives Available at: http://peach.ease.lsoft.com/archives/ctrl.html <A HREF="http://peach.ease.lsoft.com/archives/ctrl.html">Archives of [EMAIL PROTECTED]</A> http:[EMAIL PROTECTED]/ <A HREF="http:[EMAIL PROTECTED]/">ctrl</A> ======================================================================== To subscribe to Conspiracy Theory Research List[CTRL] send email: SUBSCRIBE CTRL [to:] [EMAIL PROTECTED] To UNsubscribe to Conspiracy Theory Research List[CTRL] send email: SIGNOFF CTRL [to:] [EMAIL PROTECTED] Om