Another SQL Server Virus Hits the Internet

By Brian Knight, 2003/01/27


A devastating virus struck the Internet on Friday (1/24/03), causing symptoms in networks that look like denial-of-service (DoS) attacks. The worm spreads using an exploit for a flaw that was found and patched in SQL Server 2000 in July. The flaw is that SQL Server doesn’t properly handle data sent to it, which causes a buffer overflow. The overflow gives the attacker elevated permissions, which can then be used to launch further attacks. In this case the attacker is a virus called Sapphire, which then begins to launch attacks similar to Red Alert from your SQL Server.

 

The worm does not create any backdoors on your system once it’s infected, but it does create a denial-of-service attack against your network as it tries to find other servers to infect. It has already brought down many networks this weekend. Stopping and restarting SQL Server should flush your buffer pool and allow your server to perform normally.

 

It’s important to note that this virus isn’t related to the earlier virus that preyed on systems that didn’t have an SA password set. This one is much more like the Code Red virus in that it preys on a vulnerability, here one in SQL Server. Microsoft has had a fix out for this since July of last year, and if you have installed the recent cumulative patch or SQL Server 2000 SP3, you are safe.

 

If you want the standalone patch for this problem, you can download it at:

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS02-039.asp

 

Before you install the patch, though, make sure you don’t already have it, or a later patch, installed by running SELECT @@VERSION in Query Analyzer. If you see version 2000.800.636 or later, then you should be safe, provided it was installed properly. The best way to protect yourself from this and future bugs like it is to install Service Pack 3 for SQL Server, which can be downloaded at: http://www.microsoft.com/sql/downloads/2000/sp3.asp.
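
The version check described above can be run across many servers at once. The script below is an added example, not part of the original article: it sorts collected SELECT @@VERSION outputs by whether the build meets the article's 636 threshold. The host names and sample outputs are constructed, and the "8.00.NNN" layout of the @@VERSION text is an assumption.

```python
import re

# Threshold from the article: build 636 or later carries the fix.
PATCHED_BUILD = 636

# Dotted version triple: "8.00.636" (assumed @@VERSION form) or
# "2000.800.636" (the form written in the article).
_VERSION_RE = re.compile(r"\b(\d{1,4})\.(\d{2,3})\.(\d{1,4})\b")


def classify(version_text):
    """Return (status, build) for one server's SELECT @@VERSION output."""
    match = _VERSION_RE.search(version_text)
    if match is None:
        return ("unknown", None)          # unparseable: check by hand
    product, build = match.group(1), int(match.group(3))
    if product not in ("8", "2000"):
        return ("other-version", build)   # threshold is for SQL Server 2000 only
    if build >= PATCHED_BUILD:
        return ("patched", build)
    return ("needs-patch", build)


def triage(inventory):
    """Group host names by status; hosts sorted for stable reports."""
    report = {}
    for host in sorted(inventory):
        status, _ = classify(inventory[host])
        report.setdefault(status, []).append(host)
    return report


# Constructed sample inventory (hypothetical host names and outputs).
SAMPLE = {
    "db-prod-01": "Microsoft SQL Server  2000 - 8.00.194 (Intel X86)",
    "db-prod-02": "Microsoft SQL Server  2000 - 8.00.636 (Intel X86)",
    "db-test-01": "Microsoft SQL Server  2000 - 8.00.760 (Intel X86)",
    "db-old-01": "Microsoft SQL Server  7.00 - 7.00.623 (Intel X86)",
    "db-lab-01": "2000.800.534",
    "db-lab-02": "connection timed out",
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE).items():
        print(f"{status}: {', '.join(hosts)}")
```

A "patched" result reflects the reported build number only; as the article notes, the patch must also have been installed properly.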

 

The bad thing about this virus is how quickly it propagated and how much more damage it could have done if it were one that planted backdoors on your system.

 
