Security Incidents mailing list archives

Re: Need Urgent Info about SQL Worm

From: "Arthur Donkers" <A.Donkers () reseau nl>
Date: Fri, 23 Nov 2001 17:38:23 +0100

Do you have a dnsservices.exe or win32mon.exe process running ?

If so, you're probably infected ...

grtz,

Arthur

----- Original Message -----
From: "Matthias Merkel" <securityfocus () merkel-productions de>
To: <incidents () securityfocus com>
Sent: Friday, November 23, 2001 3:24 AM
Subject: Need Urgent Info about SQL Worm

Mailer: SecurityFocus

Hi,
    I was shure that my sa password was not blank,
but I found out that I could have been a target for
the "Extended Stored Procedure Parameter Parsing"
vulnerability.

Can someone tell me how I can find out if I've been
infected??


Thanks in advance,
                               Matthias
p.s.: WinNT4 SP6a. MSSQL7

--------------------------------------------------------------------------

--

This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com



----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Current thread:

Need Urgent Info about SQL Worm Matthias Merkel (Nov 23)
- Re: Need Urgent Info about SQL Worm Arthur Donkers (Nov 23)