Worm Targets Blank SA Passwords

A warning to shops that still, despite numerous warnings, have a blank SQL Server system administrator (sa) password: Microsoft says that a worm code-named Voyager Alpha Force, which takes advantage of blank sa passwords, is making its way around the Internet. According to the Microsoft article "PRB: Unsecured SQL Server with Blank (NULL) SA Password Leaves Vulnerability to a Worm," the worm looks for a server that's running SQL Server by scanning for port 1433, the SQL Server default port. If the worm finds a server, it tries to log in to the default instance of that SQL Server with a blank (NULL) sa password. If the login is successful, the worm broadcasts the address of the unprotected SQL Server on an Internet Relay Chat (IRC) channel, then tries to load and run an executable file from an FTP site in the Philippines. Logging in to SQL Server as sa gives the user administrative access to the computer and, depending on your environment, possibly access to other computers. For details about how to safeguard your SQL Server systems from the worm (hint: secure your sa login account with a strong, non-NULL password), see the following URL:

   http://support.microsoft.com/default.aspx?scid=kb;en-us;313418

Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish