- Joined
- Mar 19, 2001
- Messages
- 37,298
Hiya
The CBlade SQL Worm was designed propagate by exploiting a common
misconfiguration in the Microsoft SQL Server Database. The worm then
installs a DDoS (Distributed Denial of Service) component that uses the
IRC (Internet Relay Chat) network to communicate with the worm's
author(s). The threat from this specific worm has now passed and its
propagation has ceased. However, a new variant of this worm could be
developed to exploit the same or a similar vulnerability in Microsoft
SQL Server.
http://xforce.iss.net/alerts/securitybrief2.php
The reason why this caught my eye is because of the following:
The CBlade worm includes two main components:
- MS-SQL server scanning and infection
- IRC component for remote control of infected systems as DDoS zombies
Now, the DDoS zombies were the ones that brought down GRC.com a while back. WinXP users are the ones most at risk with this kind of attack, not being targated but being used.
Regards
eddie
The CBlade SQL Worm was designed propagate by exploiting a common
misconfiguration in the Microsoft SQL Server Database. The worm then
installs a DDoS (Distributed Denial of Service) component that uses the
IRC (Internet Relay Chat) network to communicate with the worm's
author(s). The threat from this specific worm has now passed and its
propagation has ceased. However, a new variant of this worm could be
developed to exploit the same or a similar vulnerability in Microsoft
SQL Server.
http://xforce.iss.net/alerts/securitybrief2.php
The reason why this caught my eye is because of the following:
The CBlade worm includes two main components:
- MS-SQL server scanning and infection
- IRC component for remote control of infected systems as DDoS zombies
Now, the DDoS zombies were the ones that brought down GRC.com a while back. WinXP users are the ones most at risk with this kind of attack, not being targated but being used.
Regards
eddie
