Click here to monitor SSC
SQLServerCentral is supported by Red Gate Software Ltd.
 
Log in  ::  Register  ::  Not logged in
 
 
 

Another SQL Server Virus Hits the Internet

By Brian Knight,

Another SQL Server Virus Strikes the Internet

Another SQL Server Virus Strikes the Internet

 

A devastating virus struck the Internet Friday (1/24/03) causing symptoms in networks that appear to be denial of service attacks (DOS). The worm is spreading using an exploit that was found and patched in SQL Server 2000 in July. The exploit is a vulnerability where SQL Server doesn’t handle data sent to it properly causing a buffer overflow error. The attacker then is given elevated permissions and can then launch further attacks. In this case, the attacker is a virus called Sapphire and it then begins to launch attacks similar to Red Alert from your SQL Server.

 

The worm does not create any backdoors in your system once it’s infected but will create a denial of service attack against your network as it tries to find other servers to infect. It has already brought down many networks this weekend. Starting and stopping SQL Server should flush your buffer pool and allow your server to perform normally.

 

It’s important to note that this virus isn’t related to the earlier virus that preyed on systems that didn’t have an SA password set. This is much more like the Code Red virus where it preys on a SQL Server vulnerability. Microsoft has had a fix out for this since July of last year and if you have installed the recent cumulative patch or SQL Server 2000 SP3, you are safe.

 

If you want to download the standalone patch for this problem, you can download it at

 

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS02-039.asp

 

Before you install the patch though, ensure that you don’t already have it, or a later patch installed by running SELECT @@VERSION in Query Analyzer. If you see version 2000.800.636 or later, then you should be safe if it was installed properly. The best solution to protect you from this and future bugs like this is to install service pack 3 for SQL Server, which can be downloaded at: http://www.microsoft.com/sql/downloads/2000/sp3.asp.

 

The bad thing about this virus is how quickly it propagated and how much more damage it could have done if it were one that planted backdoors on your system.

 

Total article views: 10791 | Views in the last 30 days: 3
 
Related Articles
BLOG

Patching

Probably the least enjoyable thing about being a DBA is patching servers. We received the bad news i...

FORUM

SP2 Patching

SQL Server SP2 patching process

FORUM

how to find if SQL server 2005 ms09-062 patch is installed or not

how to find if SQL server 2005 ms09-062 patch is installed or not

FORUM

SQL Server Patching

How often to do the SQL Server Patching, like quaterly patching done by Oracle

ARTICLE

Patch Week

This week Steve Jones notes there were quite a few patches from Microsoft for a variety of products....

Tags
bugs    
security    
service packs    
sql server 7    
 
Contribute

Join the most active online SQL Server Community

SQL knowledge, delivered daily, free:

Email address:  

You make SSC a better place

As a member of SQLServerCentral, you get free access to loads of fresh content: thousands of articles and SQL scripts, a library of free eBooks, a weekly database news roundup, a great Q & A platform… And it’s our huge, buzzing community of SQL Server Professionals that makes it such a success.

Join us!

Steve Jones
Editor, SQLServerCentral.com

Already a member? Jump in:

Email address:   Password:   Remember me: Forgotten your password?
Steve Jones