As seen on /., I received this email from my host this morning:
At approximately 11:28 pm on 1/24/2003, NOC engineers observed significant inbound and outbound traffic across all backbone carriers and internal router/switching infrastructure. Our emergency network response team was immediately deployed and began troubleshooting the problem. Upon the first notification to our carriers, we were informed of a global internet problem by a fast-spreading SQL worm targeted at Microsoft SQL. As a result, the entire internet continues to suffer from an extreme decrease in service. Please see the following links for international coverage of the breaking story.
The Planet is working continuously detecting, locating, and removing all infected SQL servers from our network along with blocking all inbound traffic directed to the specific SQL ports under attack. As we continue to assist those customers affected, The Planet seeks to inform all customers of this global rising problem and to assure you that service is available to the maximum extent possible. Planet engineers are working with Microsoft and Cisco to apply all patches available along with all protective measures as they will be released in the next few hours/days/weeks. The Planet is dedicated to ensuring maximum uptime and all NOC staff and network engineers will remain onsite under Level 1 alert until all network connectivity returns to normal. We appreciate your patience in this matter.
If you have a Microsoft SQL product in our datacenters, please contact our NOC staff via Orbit ticket, email or phone for further assistance.
1.800.854.7679
Several security companies have released the following information in reference to this problem.
Service pack 3 is available for SQL 2000 at the following.
Stand alone patch for SQL 2000
Another reason to not use Windows.
[Added Later]
More links:
Lawrence Lessig provides a chart from the Internet Traffic Report
I’m sure more have commented, but those are the RSS feeds I read.
I noticed the slowdown and thought the problem was on my end… I checked my router logs and found a strange number of requests for ports 137 and 1434 (the latter being MS’s MySQL server exploit). Now I know why.
Thank goodness I switched.