Posted on 05/23/2002 5:47:43 AM PDT by TechJunkYard
May 21 - A new worm that targets Microsoft SQL servers has begun squirming through the Internet, experts said Tuesday. Called DoubleTap by vulnerability analysis firm SecurityFocus, the worm has already managed to infect 1,600 servers, said Elias Levy, chief technology officer for the San Mateo, Calif., company. "We don't expect it to become widespread," he said.
INFECTING SERVERS SINCE MONDAY, the self-propagating program has also been named Spida.a.worm by antivirus firms Symantec and Network Associates and has been labeled SQLSnake by the Systems Administration Networking and Security (SANS) Institute.
Even though SecurityFocus is currently tracking almost 100 infections per hour, the worm's only way to infect a system is if the Microsoft SQL server's system administrator password is left blank, the default. (MSNBC is a Microsoft - NBC joint venture.)
"If you follow standard practices (and change the password), then you should be golden," Levy said. Microsoft could not immediately comment on the worm or why a blank default password could be left on a newly installed SQL server.
Systems administrators and security experts first detected the worm because of the abnormal number of attempts to connect to port 1433, the Microsoft SQL server. Servers, which haven't had a recent Microsoft bug fix applied, could have their security cracked by the worm.
The DoubleTap worm is written in JavaScript and has two executable components and a batch file. Once it gets onto a system, it adds the guest account to the administrator group, giving the worm control of the system. It also changes the password of the SQL administrator so that the multiple infections won't occur.
Finally, the worm mails the server's password list to an e-mail address on a service based in Singapore.
The effects of the worm could be magnified by the fact that Microsoft's SQL software is included in many other complete software packages, such as e-commerce suites and Web site development bundles, Levy said.
"There are a lot of products that install MS SQL as a component," he said, "and if the administrator does not know it, then that server is open."
Copyright © 1995-2002 CNET Networks, Inc. All rights reserved
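The article says administrators first noticed the worm from the abnormal number of connection attempts to port 1433. As an added example (not part of the original article or this thread), the sketch below flags sources that contact many distinct hosts on port 1433 within a short window. The log format, addresses and thresholds are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample firewall log lines (format is an assumption, not from the article).
SAMPLE_LOG = """\
2002-05-21T10:00:01 SRC=192.0.2.10 DST=198.51.100.1 DPT=1433
2002-05-21T10:00:02 SRC=192.0.2.10 DST=198.51.100.2 DPT=1433
2002-05-21T10:00:03 SRC=192.0.2.10 DST=198.51.100.3 DPT=1433
2002-05-21T10:00:04 SRC=192.0.2.10 DST=198.51.100.4 DPT=1433
2002-05-21T10:00:05 SRC=192.0.2.77 DST=198.51.100.1 DPT=80
2002-05-21T10:00:06 SRC=192.0.2.50 DST=198.51.100.9 DPT=1433
2002-05-21T10:05:00 SRC=192.0.2.50 DST=198.51.100.9 DPT=1433
2002-05-21T11:30:00 SRC=192.0.2.50 DST=198.51.100.8 DPT=1433
garbled line without fields
""".splitlines()

LINE_RE = re.compile(r"^(\S+) SRC=(\S+) DST=(\S+) DPT=(\d+)$")

def flag_sql_scanners(lines, port=1433, min_targets=4, window=timedelta(minutes=10)):
    """Return {src: peak count of distinct destinations hit on `port` inside
    any `window`-long span} for sources whose peak reaches `min_targets`."""
    events = defaultdict(list)  # src -> [(timestamp, dst), ...]
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or int(m.group(4)) != port:
            continue  # skip unparseable lines and traffic to other ports
        events[m.group(2)].append((datetime.fromisoformat(m.group(1)), m.group(3)))
    flagged = {}
    for src, evs in events.items():
        evs.sort()
        peak, start = 0, 0
        for end in range(len(evs)):
            # Slide the window start forward until it spans at most `window`.
            while evs[end][0] - evs[start][0] > window:
                start += 1
            peak = max(peak, len({dst for _, dst in evs[start:end + 1]}))
        if peak >= min_targets:
            flagged[src] = peak
    return flagged

if __name__ == "__main__":
    print(flag_sql_scanners(SAMPLE_LOG))
```

A client that repeatedly talks to the same database server (192.0.2.50 in the sample) is not flagged, because the count is over distinct destinations rather than raw connection attempts.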
Blank Administrator passwords... should not be possible. Thanks, Microsoft.
This isn't MS's fault. Admins that are too freakin' stupid to apply some level of security to their systems deserve to have their servers infected.
Definitely agree with you there (also a lot of MS viruses written by linux nuts)
Indeed.
Pray do tell us why?
If I follow your logic and leave my car door unlocked I deserve my car to be stolen?
This isn't Microsoft's problem, but you can try to blame them, as usual, if you want. It's a free country to be an idiot in.
It's not a question of deserve, it's an issue of prevention. If you don't possess the common sense to lock your car, and somebody steals it, whose fault is it for not taking the minimum amount of preventive action?
By the same token, if as a sysadmin, you can't perform a common sense step like applying a password and your system gets hacked, you are at fault for not taking steps to prevent it.
That really isn't the same thing. It's more like if you leave your car parked in Newark NJ, in the worst neighborhood that you can find, with the windows down, the door unlocked and the keys in the ignition!
Definitely agree with you there (also a lot of MS viruses written by linux nuts)
Prove that statement or retract.
The article states that the software is sometimes installed by other software packages. In my own company, there are a bunch of workstations which have SQL Server installed, and the users have no idea it's there.
This isn't Microsoft's problem...
But MS certainly causes the problem when it allows a default installation that's so easily compromised. You think the design of (say) the transmission selector which has a tendency to slip out of park while the engine is running is NOT the fault of the car's manufacturer?
And if everyone was still using typewriters, they would write viruses to hit them. MS gets hit because everyone is using it, not because they are weak.
"Prove that statement or retract."
I've been in IT for many years and the only people I ever knew, that wrote or collected viruses were linux nuts (not to be confused with linux users, advocates or admins).