[ale] [Fwd: RE: MS SQL WORM and PORT 1434!]
Michael H. Warfield
mhw at wittsend.com
Mon Jan 27 23:45:56 EST 2003
On Mon, Jan 27, 2003 at 11:15:03AM -0500, Chuck Huber wrote:
> On Mon, Jan 27, 2003 at 03:36:17AM -0600, Denny Chambers wrote:
> > I have been receiving hits on port 1433 which is listed as another
> > MS-SQL port.
> Yeah, those are common. Mostly a bunch of jerks trying to login
> using default passwords. Recall the "FIELD SERVICE" admin account
> that was shipped with VAXen for many years.
WRONG ANSWER.
The earlier MS-SQL worm AKA MS-SQL Spida is propagating over port
1433/tcp infecting systems with MS-SQL and MSDE where the administratory
password has not been changed (clue alert... MSDE gets installed under
all sorts of stuff like Visio AND YOU CAN NOT CHANGE THE ADMIN PASSWORD -
but the MS-SQL Spida worm can, and does).
It's not a bunch of jerks. It's not even "mostly" a bunch of
jerks. It's just another (older) MSTD (MicroSoft Transmitted Disease).
The number of carbon based life forms behind individual 1433/tcp
hits is easily less than 0.01% if that many.
> Enjoy,
> - Chuck
> --
> "The purpose of encryption is to protect good people
> from bad people, not to protect bad people from the government."
> Scott McNealy, CEO Sun Microsystems
> "The best way for government to control people is to remain in
> a constant threat of war." ---Karl Marx
> (18 USC 242), which applies to government agents overstepping their
> authority:
> "Whoever, under color of any law, statute, ordinance, regulation,
> or custom, willfully subjects any person in any State, Territory,
> or District to the deprivation of any rights, privileges, or
> immunities secured or protected by the Constitution or laws of
> the United States, . . . shall be fined under this title or
> imprisoned not more than one year, or both . . ."
Mike
--
Michael H. Warfield | (770) 985-6132 | mhw at WittsEnd.com
/\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/
NIC whois: MHW9 | An optimist believes we live in the best of all
PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it!
PGP signature
More information about the Ale
mailing list