December 4, 2001 at 9:49 am
I took the info from the article 'Security Alert: SQL Server Worm Virus Attacking Systems' to our technical controller and he wanted to know the name of the virus to check if our installed virus software was checking for it or not. Can anyone help?
December 4, 2001 at 10:46 am
As far as I know, there is no name yet. Not sure if there will be a patch since you would have to scan all connections to SQL Server and read the text of the query.
BTW, there is NO reason for anyone to be affected by this. Put a password on SA!
Steve Jones
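An added example, not part of the original post: a T-SQL audit for the condition this thread is about, SQL logins (sa in particular) left with a blank password. It assumes SQL Server 2008 or later, where `sys.sql_logins` and `PWDCOMPARE` are available, and a sysadmin connection; the column aliases are chosen here for illustration.

```sql
-- Added example: audit SQL logins for blank or trivially guessable passwords.
-- Assumes SQL Server 2008+ and a sysadmin connection.

-- 1. Is the instance accepting SQL logins at all?
SELECT
    CASE CAST(SERVERPROPERTY('IsIntegratedSecurityOnly') AS int)
        WHEN 1 THEN 'Windows authentication only'
        ELSE 'Mixed mode (SQL logins accepted)'
    END AS auth_mode;

-- 2. Which SQL logins have a blank password, or a password equal to the login name?
SELECT
    l.name,
    l.is_disabled,
    l.is_policy_checked,   -- 0 = Windows password policy is not enforced for this login
    CASE
        WHEN PWDCOMPARE('', l.password_hash) = 1 THEN 'blank password'
        WHEN PWDCOMPARE(l.name, l.password_hash) = 1 THEN 'password equals login name'
    END AS finding,
    CASE WHEN l.sid = 0x01 THEN 1 ELSE 0 END AS is_sa   -- sa keeps SID 0x01 even if renamed
FROM sys.sql_logins AS l
WHERE PWDCOMPARE('', l.password_hash) = 1
   OR PWDCOMPARE(l.name, l.password_hash) = 1
ORDER BY is_sa DESC, l.name;

-- 3. Remediation for each row returned (substitute the login name and a strong password):
-- ALTER LOGIN [login_name] WITH PASSWORD = N'<strong password>', CHECK_POLICY = ON;
```

An empty result from the second query means no SQL login on the instance matches either check; any row with `is_sa = 1` is the exact exposure discussed above.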
December 4, 2001 at 1:59 pm
W32.Cblade.Worm
http://securityresponse.symantec.com/avcenter/venc/data/w32.cblade.worm.html
K. Brian Kelley
http://www.sqlservercentral.com/columnists/bkelley/
December 4, 2001 at 2:29 pm
December 5, 2001 at 6:51 am
Thanks guys, I have passed the info on to our technical controller. All SQL Servers under my control do have a password for SA, but we have one that was set up by an outside body which does not, but you can guess that I will soon be changing that!!!!
December 5, 2001 at 12:15 pm
Wow. Though I'm not surprised, I guess. I understand why Microsoft probably didn't send anything about it because they don't consider it a security vulnerability (assuming everyone would throw a password on the sa account).
K. Brian Kelley
http://www.sqlservercentral.com/columnists/bkelley/
December 5, 2001 at 12:50 pm
Caveat DBA. If you have no pwd, then MS doesn't want to hear it and I agree in this case.
Steve Jones
December 6, 2001 at 2:12 am
I totally agree, I made sure all the sa accounts on the servers I was responsible for had passwords, everyone here thought I was being a control freak, but the idea of having a system admin account with no password just horrified me! I have already tackled the outside company about their lack of sa password and the potential threat to our network. I guess the people here are so used to the Vax environment that they can't get to grips with SQL Server, they figure that if an account has the option of not having a password then it can't possibly ever pose a threat to the system! Little do they know! Perhaps now they will listen to me!
December 10, 2001 at 12:54 pm
We dealt with this issue with a former organization. Had a group of contractors in working on a Sybase database running on NT 4.0 and they thought nothing of leaving the Windows NT box administrator set with the password of password. Since we were the tech shop, we quickly demonstrated by taking over the development box (production box was set the same). It took them a while to understand exactly what we had done and what we were capable of doing should we have been a malicious entity. But eventually comprehension dawned ("Oh man! You could have wiped us out!"). It just takes some time. Frustrating, hair-pulling time, but eventually they get it.
K. Brian Kelley
http://www.sqlservercentral.com/columnists/bkelley/
Edited by - bkelley on 12/10/2001 12:54:26 PM
December 10, 2001 at 3:08 pm