Sophos

W32/SQLSlam-A

Aliases
  • W32/SQLSlammer
  • W32.SQLExp.Worm
  • DDOS_SQLP1434.A
  • Sapphire
  • Slammer
  • Helkern

Summary

 
Affected operating systems: Windows
Detected by: All Sophos products

Action

Please follow the instructions for removing worms.

To clean the worm from affected computers

It may be necessary to block network traffic on port 1434 until systems are patched.

More Information

W32/SQLSlam-A is an SQL worm that targets unpatched Microsoft SQL servers running on Windows 2000. It can also target users of MSDE 2000 (Microsoft SQL Desktop Engine).

The worm exploits a buffer overflow vulnerability in SQL Server. A description of the exploit can be found on Microsoft's website. Users who have already installed SQL Server Service Pack 3 will not be infected by this worm.

W32/SQLSlam-A arrives as a packet on UDP port 1434. It uses the buffer overflow exploit to continuously generate random IP addresses and attempt to send itself to those addresses. This causes a distributed denial of service (DDoS) attack on the targeted computers and also creates a large amount of internet traffic.
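The behaviour described above (one host sending UDP packets to port 1434 at many different addresses) can be spotted in flow or firewall logs. The following Python detector is an added example, not Sophos code; the log format, sample records, window length and threshold are constructed assumptions, and records are assumed to be in time order.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

SLAMMER_PORT = 1434             # UDP port named on the page
WINDOW = timedelta(seconds=10)  # assumption: sliding window length
MAX_DESTS = 5                   # assumption: distinct destinations tolerated per window

# Constructed flow records: timestamp, protocol, source, destination, destination port
SAMPLE_FLOWS = """\
2024-01-01T00:00:00 UDP 10.0.0.9 10.0.0.20 1434
2024-01-01T00:00:01 UDP 10.0.0.5 198.51.100.7 1434
2024-01-01T00:00:01 UDP 10.0.0.5 203.0.113.44 1434
2024-01-01T00:00:01 UDP 10.0.0.5 192.0.2.91 1434
2024-01-01T00:00:02 UDP 10.0.0.5 198.51.100.200 1434
2024-01-01T00:00:02 UDP 10.0.0.7 192.0.2.53 53
2024-01-01T00:00:02 UDP 10.0.0.5 203.0.113.9 1434
2024-01-01T00:00:03 UDP 10.0.0.5 192.0.2.17 1434
2024-01-01T00:00:05 TCP 10.0.0.8 10.0.0.20 1434
"""

def parse_flows(text):
    """Yield (time, src, dst) for UDP records aimed at port 1434; skip malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        ts, proto, src, dst, port = parts
        if proto.upper() == "UDP" and port == str(SLAMMER_PORT):
            try:
                yield datetime.fromisoformat(ts), src, dst
            except ValueError:
                continue

def find_scanners(text, window=WINDOW, max_dests=MAX_DESTS):
    """Return {src: peak distinct destinations} for sources exceeding max_dests in a window."""
    recent = defaultdict(deque)  # src -> (time, dst) pairs still inside the window
    flagged = {}
    for ts, src, dst in parse_flows(text):
        q = recent[src]
        q.append((ts, dst))
        while ts - q[0][0] > window:  # expire records older than the window
            q.popleft()
        distinct = len({d for _, d in q})
        if distinct > max_dests:
            flagged[src] = max(flagged.get(src, 0), distinct)
    return flagged

if __name__ == "__main__":
    print(find_scanners(SAMPLE_FLOWS))
```

A client that repeatedly queries a single SQL server on UDP 1434 (10.0.0.9 in the sample) is not flagged, because only the number of distinct destinations counts.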

Protection against the worm is available only by applying the patch available from Microsoft. Advice from Microsoft on this issue is available from their website.
