Thank this author by sharing:
By Brian Knight,
Another SQL Server Virus Strikes the Internet
A devastating virus struck the Internet Friday (1/24/03) causing symptoms in networks that appear to be denial of service attacks (DOS).
The worm is spreading using an exploit that was found and patched in SQL Server
2000 in July. The exploit is a vulnerability where SQL Server doesn’t handle
data sent to it properly causing a buffer overflow error. The attacker then is
given elevated permissions and can then launch further attacks. In this case,
the attacker is a virus called Sapphire and it then begins to launch attacks
similar to Red Alert from your SQL Server.
The worm does not create any backdoors in your system once
it’s infected but will create a denial of service attack against your network
as it tries to find other servers to infect. It has already brought down many
networks this weekend. Starting and stopping SQL Server should flush your
buffer pool and allow your server to perform normally.
It’s important to note that this virus isn’t related to the earlier
virus that preyed on systems that didn’t have an SA password set. This is much
more like the Code Red virus where it preys on a SQL Server vulnerability.
Microsoft has had a fix out for this since July of last year and if you have
installed the recent cumulative patch or SQL Server 2000 SP3, you are safe.
If you want to download the standalone patch for this
problem, you can download it at
install the patch though, ensure that you don’t already have it, or a later
patch installed by running SELECT @@VERSION in Query Analyzer. If you see
version 2000.800.636 or later, then you should be safe if it was
installed properly. The best solution to protect you from this and future bugs
like this is to install service pack 3 for SQL Server, which can be downloaded
The bad thing about this virus is how quickly it propagated
and how much more damage it could have done if it were one that planted
backdoors on your system.
This post on SQL Server patching illustrates a quick and simple way of safely extracting SQL Server ...
Probably the least enjoyable thing about being a DBA is patching servers. We received the bad news i...
SQL Server SP2 patching process
how to find if SQL server 2005 ms09-062 patch is installed or not
How often to do the SQL Server Patching, like quaterly patching done by Oracle