There are at least two ways that this could have gotten through firewalls:
i'm really curious now, about the factors that caused this to be such a serious event. i can accept that some places had port 1434 open due to negligence/incompetence. i can accept that some developers' workstations were also vulnerable. i'd like to see how many infected machines were needed to saturate n amount of bandwidth, etc. it's not like nimda, where the iis webserver was installed on many many machines and users weren't aware. only programmers and businesses have ms sql server on their machines.
i'm sure some interesting studies are going to come out of this.
Most of the infection got into corporate networks via VPN users......even MS Developers with .Net installed on their PC......and running a split tunnel to the internet.
Once in, it spread like wildfire through the ECommerce infrastructure developed on MSSQL and allowing UDP1434.
Corporate America got a wake-up call like no other before this weekend (LET ME TESTIFY!) and the whole MS and "internet thingy" is under a cloud.
IT pros are fed up with this sh!t.
Two years of hell I tell ya.........the endless patch and upgrade.