Spida (js.spida.b.worm, also known as Double Tap and SQLSnake) is an Internet worm now attacking Microsoft SQL servers worldwide.
Written in JavaScript, Spida actively scans port 1433 for access into systems with blank system administrator accounts. According to the SANS Institute, a computer research organization, system administrators began noticing an upsurge in scans on port 1433, which is used by Microsoft's SQL servers, on Monday, May 20, 2002. Within the first 12 hours, the number of scanned and infected systems rose sharply to more than 1,600, and those systems are now scanning for others on the Internet.
In addition to port scanning, the worm collects and e-mails passwords from the infected servers. Users of Microsoft Windows 95, 98, or Me are not affected by the Spida worm. So there is an advantage to running inferior OS's after all. Not you could run latest iterations of SQL dbs on these OS's though.
Spida includes a UPX-compressed version of FScan and a Trojan horse that actively scans port 1433 on randomly generated IP addresses. It looks for other SQL servers on the Internet running with the default settings including blank system administrator passwords. Once it's found a system, Spida infects it and continues scanning for other vulnerable SQL servers. On the infected system, Spida collects passwords and e-mails them back to the presumed creator of this worm.
News source: ZDNet
View: 
-1 Comments - Add comment