Tool: Sapphire SQL Worm Scanner

[InfoSec News <isn () c4i org>]

Forwarded from: "Marc Maiffret" <marc () eeye com>

We had a lot of requests to put together a quick free scanner, like
we've done in the past, for this SQL worm.

This is the first version and it is bound to have bugs. Feel free to
email me any issues directly and we can work on them.

The scanner is non-intrusive, wont crash your servers, in identifying
vulnerable systems. It WILL NOT identify already infected systems.
Because of the nature of the worm it keeps any valid data from getting
to the victim system. We suggest using sniffers and IDS's to determine
already infected machines.

You can download the scanner from:
http://www.eeye.com/html/Research/Tools/SapphireSQL.html

For more details about the Sapphire SQL Worm:
http://www.eeye.com/html/Research/Flash/AL20030125.html

If you have any questions or comments feel free to mail me directly.
As we find bugs and make improvements the changes will be reflected on
our website. So go there for the latest ... that way we don't have to
flood this list with email.

Thanks to NGSSoftware (http://www.nextgenss.com/) for discovering the
flaw the SQL worm uses and for publishing a technical write up which
made this scanner possible. Once again illustrating that details ARE
needed to help the good guys.

Signed,
Marc Maiffret
Chief Hacking Officer
eEye Digital Security
T.949.349.9062
F.949.349.9538
http://eEye.com/Retina - Network Security Scanner
http://eEye.com/Iris - Network Traffic Analyzer
http://eEye.com/SecureIIS - Stop known and unknown IIS vulnerabilities



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.