SQL Clone
SQLServerCentral is supported by Redgate
Log in  ::  Register  ::  Not logged in

Another SQL Server Virus Hits the Internet

By Brian Knight,

A devastating virus struck the Internet Friday (1/24/03) causing symptoms in networks that appear to be denial of service attacks (DOS). The worm is spreading using an exploit that was found and patched in SQL Server 2000 in July. The exploit is a vulnerability where SQL Server doesn’t handle data sent to it properly causing a buffer overflow error. The attacker then is given elevated permissions and can then launch further attacks. In this case, the attacker is a virus called Sapphire and it then begins to launch attacks similar to Red Alert from your SQL Server.

The worm does not create any backdoors in your system once it’s infected but will create a denial of service attack against your network as it tries to find other servers to infect. It has already brought down many networks this weekend. Starting and stopping SQL Server should flush your buffer pool and allow your server to perform normally.

It’s important to note that this virus isn’t related to the earlier virus that preyed on systems that didn’t have an SA password set. This is much more like the Code Red virus where it preys on a SQL Server vulnerability. Microsoft has had a fix out for this since July of last year and if you have installed the recent cumulative patch or SQL Server 2000 SP3, you are safe.

If you want to download the standalone patch for this problem, you can download it at:


Before you install the patch though, ensure that you don’t already have it, or a later patch installed by running SELECT @@VERSION in Query Analyzer. If you see version 2000.800.636 or later, then you should be safe if it was installed properly. The best solution to protect you from this and future bugs like this is to install service pack 3 for SQL Server, which can be downloaded at: http://www.microsoft.com/sql/downloads/2000/sp3.asp.

The bad thing about this virus is how quickly it propagated and how much more damage it could have done if it were one that planted backdoors on your system.

Total article views: 10792 | Views in the last 30 days: 1
Related Articles

Download SQL patch Info

This article shows how to download sqlserverbuilds.blogspot.com to build your own automated sql patc...


A SQL Server Patching Shortcut

This post on SQL Server patching illustrates a quick and simple way of safely extracting SQL Server ...



Probably the least enjoyable thing about being a DBA is patching servers. We received the bad news i...


SP2 Patching

SQL Server SP2 patching process


how to find if SQL server 2005 ms09-062 patch is installed or not

how to find if SQL server 2005 ms09-062 patch is installed or not

service packs    
sql server 7