CastleCops, Internet Crime Fighters
Need help? Click here to register for free! Absolutely zero advertisements on this site!

$9736.22 of $21422.68
left sidedonated so farneed $11686.46 donated to reach our goalright side, our goal
Help CastleCops serve the community on new servers, Donate Here to reach our goal.

Donation/Premium
spacer
Donations. Become Premium Today! Premium Icon
block bottom
Security Central
spacer
· Home
· PIRT/Fried Phish
· MIRT
· SIRT
· Deutsch
· Wiki
· Newsletter
· O16/ActiveX
· CLSID List
· Contest2007
· Downloads
· Feedback (send)
· Forums
· HijackThis
· Hijacktrend
· LSPs
· My Downloads
· O18
· O20
· O21
· O22
· O23
· O9
· Premium
· Private Messages
· Proxomitron
· Reviews
· Search
· StartupList
· Stories Archive
· Submit News
· WsIRT
· Your Account
· Acceptable Use Policy
block bottom
Survey
spacer
Was 2007 a good year?

Yes it was a wonderful year
Yes, but there is always room for improvement
Status quo
It was a challenge
Other (leave comment)



Results
Polls

Votes: 937
Comments: 25
block bottom
spacer spacer
image MS SQL Server Worm Cripples Internet image
Hassle
By Nate Mook, BetaNews January 25th, 2003, 7:50 AM

Internet traffic slowed to a crawl early Saturday morning as a virus-like worm exploited a known flaw in Microsoft SQL Server 2000 and flooded the world's digital backbones. The attack used a buffer overflow to execute code on a vulnerable SQL Server, causing that system to randomly seek out other computers to infect and in the process consume massive amounts of bandwidth.

Major Internet providers began to block the malicious traffic by mid-morning, although UUNet continued to report major slowdowns.

Microsoft issued a security bulletin and patch for the SQL Server 2000 flaw last July, but many network administrators had apparently not updated their systems. One such administrator told BetaNews that a tool offered by Microsoft to confirm all hot fixes were applied, HFNetChk, did not correctly identify the missing patch.

The worm specifically targeted UDP port 1434 in order to find SQL Servers to compromise. By blocking all traffic on that port and the primary SQL Server port, 1433, network administrators were able to quell the floods. Affected servers had to be rebooted in order to stop the flow of data.

Article source and further details: Beta News



Real-time charts posted at Matrix NetSystems Inc..
Check out these charts:
Packet Loss
Reachability

Resources
Standalone Patch:
http://www.microsoft.com/technet/security/bulletin/MS02-039.asp

SQL 2000 Service Pack 3:
http://www.microsoft.com/sql/downloads/2000/sp3.asp

More Resources
http://support.microsoft.com/support/misc/kblookup.asp?id=Q323875
http://www.microsoft.com/technet/prodtechnol/sql/maintain/security/sql2ksec.asp
Symantec Security Response - W32.SQLExp.Worm
CERT® Advisory CA-2003-04 MS-SQL Server Worm
Microsoft SQL Sapphire Worm Analysis
Posted on Saturday, 25 January 2003 @ 11:15:00 UTC by cj (1729 reads)
[ Trackback ]		image

"MS SQL Server Worm Cripples Internet" | Login/Create an Account | 1 comment | Search
Threshold
The comments are owned by the poster. We aren't responsible for their content.

No Comments Allowed for Anonymous, please register

Re: MS SQL Server Worm Cripples Internet (Score: 1)
by shikehal  on Saturday, 31 May 2008 @ 15:48:37 UTC
(User Info | Send a Message)
Great article, keep up the good work. ----------------------------------------------------
برامج نت [www.bramjnet.com]| free software [www.tt5r.com]| افضل المواقع العربية [top.tt5r.com]| منتدى برامج نت [www.bramjnet.com]| العاب فلاش - العاب بنات [games.bramjnet.com]| برامج [soft.bramjnet.com]| دليل المواقع [dir.bramjnet.com]| عيادة طب [med.bramjnet.com]| الأرشيف [www.bramjnet.com]| برامج مشروحة [www.bramjnet.com]| برامج ترجمة [soft.bramjnet.com]| برامج الفاكس [soft.bramjnet.com]| برامج طباعة [soft.bramjnet.com]| برامج تحرير [soft.bramjnet.com]| برامج التقاط الصور والشاشات [soft.bramjnet.com]| برامج سطح المكتب [soft.bramjnet.com]| برامج البريد الالكتروني [soft.bramjnet.com]| برامج خدمات البريد الاكتروني [soft.bramjnet.com]| برامج القوائم البريدية [soft.bramjnet.com]| برامج ادوات البريد الاكتروني [soft.bramjnet.com]| برامج مكافحة الرسائل المزعجة [soft.bramjnet.com]| برامج الإنترنت [soft.bramjnet.com]


 
Login
spacer
Nickname

Password

Security Code: Type Security Code: Usage signifies AUP acceptance
· New User? · Click here to create a registered account.
block bottom
Related Links
spacer
· del.icio.us!
· digg it!
· reddit!
· TrackBack (0)
· News.com
· PHP HomePage
· Microsoft
· HotScripts
· W3 Consortium
· More about Hassle
· News by cj

Most read story about Hassle:
SpywareStrike, a clone SpyAxe blackhole
block bottom
Article Rating
spacer
Average Score: 5
Votes: 2


Please take a second and vote for this article:

Bad
Regular
Good
Very Good
Excellent
block bottom
Options
spacer

Printer Friendly Page  Printer Friendly Page
block bottom
2002-2008 © Computer Cops LLC dba CastleCops®. All rights reserved.
Acceptable Use Policy. Use signifies your agreement.
89ppm 0.280s (0.022s)
Making cybercriminals unhappy since 2002*
In Memory of Trpm
spacer spacer