[linux-elitists] MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434!

Michael Bacarella mbac@netgraft.com
Thu Jan 30 07:13:03 PST 2003


> > You're wrong.  Number 8 (subitem 1 through three, sub-sub items one through 
> > three) is SQL Server 2000.
> 
> As the unix-haters password prompt says, "close enough".
> 
> Robert Graham's analysis, posted separately, suggests that desktop
> rather than server systems were principally involved in the porpogation
> of this attack.  These likley outnumber W2KS installs by a factor of two
> to four, and as the list notes, several desktop products would have
> installed the MSDE.  Which dials us in a bit further.

Firstly, in case I'm off topic, let me state for the record
that I am completely off topic and missing the point.

Now, in addition to being annoyed at Microsoft for only the
largest, most devastating infrastructure compromise to date,
I'm also annoyed at how the media reported this.

Naturally they would get the technical details wrong, but
in such a case it could have made a huge difference if they
had provided usable information.  It's not JUST businesses
and network admins who had to worry about this.  There's
a good chance that YOU, the MCSE in training who installed
MSDE 12 months ago and forgot about SQL Server are contributing
to this.  Here's how to see if you are propagating a worm.
Here's what to do if you are infected.

If most sys admins don't even follow technical mailing lists,
why would they think hobbyists and students would find the
right information?  Didn't the AP speak to several security
experts?  If the worm had a malicious nature, that one article
would've been a good start to counteracting it.

Instead people who were infected read the article, said
"Oh, it's someone else's problem" and then selected YES
in the CNN QuickVote, topic: Is the internet too vulnerable?

-- 
Michael Bacarella                  24/7 phone: 646 641-8662
Netgraft Corporation                   http://netgraft.com/
      "unique technologies to empower your business"

Finger email address for public key.  Key fingerprint:
  C40C CB1E D2F6 7628 6308  F554 7A68 A5CF 0BD8 C055



More information about the linux-elitists mailing list