[luau] New MS Worm!!! SQLsnake
Dustin Cross
dusty at sandust.com
Wed May 22 08:34:01 PDT 2002
Windows administrators are very lucky virus writers aren't malicious. If
they were some of these windows worms would actually destroy data.
Dusty
http://www.incidents.org/diary/diary.php?id=156
http://online.securityfocus.com/news/429
http://www.incidents.org/diary/diary.php?id_6
"According to SANS incident handler Johannes Ullrich, a preliminary
analysis shows the code, which has been dubbed "SQLsnake," attempts to log
in to the SQL administrator's account on a remote server using a "brute
force" password cracker.
Once the worm, which is written in JavaScript, has gained SQL administrator
access, its author has the ability to execute SQL commands, which include
reading and writing files, as well as executing code, SANS said.
The SQLsnake code also appears to e-mail a list of passwords captured from
the victim server to a free e-mail account hosted in Singapore.
As of this morning, more than 1,400 systems appear to have been compromised
by the worm and are actively probing other servers, according to statistics
compiled by SANS."
More information about the LUAU
mailing list