Bugtraq mailing list archives

Re: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434!

From: cstone <cstone () pobox com>
Date: Sat, 25 Jan 2003 06:07:42 -0600

On Sat, Jan 25, 2003 at 02:11:41AM -0500, Michael Bacarella wrote:

I'm getting massive packet loss to various points on the globe.
I am seeing a lot of these in my tcpdump output on each
host.

It looks like there's a worm affecting MS SQL Server which is
pingflooding addresses at some random sequence.


yeah.  i guess it's an old vulnerability, but i don't keep up on
this stuff.

however, i have disassembled the code inside; all it does is send
itself to pseudorandomly generated hosts.

there is an annotated disassembly at 
http://www.boredom.org/~cstone/worm-annotated.txt

--cstone () pobox com

Current thread:

MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434! Michael Bacarella (Jan 25)
- Re: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434! Geoff Shively (Jan 25)
- Re: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434! Tom Kyle (Jan 25)
- Re: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434! cstone (Jan 25)
- Re: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434! Ed Blanchfield (Jan 27)
- <Possible follow-ups>
- Re: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434! Umit Tiric (Jan 25)
- Re: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434! George William Herbert (Jan 25)
- RE: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434! trent dilkie (Jan 25)
  - Re: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434! Dave Aitel (Jan 25)
  - Re[2]: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434! Stephane - BasicLink (Jan 25)
  - RE: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434! Dick St.Peters (Jan 25)
- RE: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434! Jason Coombs (Jan 25)
  - Re: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434! Colm MacCárthaigh (Jan 25)
- Re: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434! Charles Miller (Jan 25)

(Thread continues...)