Worm attacks SQL Server

22 May 2002 A new worm is attacking servers running Microsoft’s SQL Server 7.0. But companies running the server can protect themselves — by making sure the administrator password is not left blank.

Symantec, Network Associates and other security software companies have noticed a proliferation of the worm, dubbed SQLSnake, DoubleTap, and DigiSpid.B.Worm, since Monday. But the companies say the damage caused by the worm is unlikely to be serious.

When the worm infects a computer, it copies various files onto it, including a program that scans the Internet for other copies of SQL Server, and another that sends the server’s passwords to an email address set up by the worm’s writer.

But it can only attack copies of SQL Server 7.0, not SQL Server 2000 and only those that still have the default, blank administrator password. Microsoft also issued a patch in April that protects servers against the attack used by the worm.

Microsoft security specialist Mark Miller says the worm does not expose a new vulnerability: “It’s a case of not following best practices.” Companies are advised to check systems for inadvertant copies of SQL Server 7.0 and to forbid remote access to the MSSQL daemon.

Ben Rossi

Ben was Vitesse Media's editorial director, leading content creation and editorial strategy across all Vitesse products, including its market-leading B2B and consumer magazines, websites, research and... More by Ben Rossi

Worm attacks SQL Server

Ben Rossi

Related Topics

Related Stories

How AI will shift the security landscape in 2024

NCSC releases guidelines for secure AI development

3 cybersecurity compliance challenges and how to address them

70% of UK firms reported cyber insurance changes in past year

Related Stories

How AI will shift the security landscape in 2024

NCSC releases guidelines for secure AI development

3 cybersecurity compliance challenges and how to address them

How to set up a cybersecurity honeypot for your business