SQL Worm Circulating

A worm exploiting a password set by default to null in SQL Server is roaring around the Internet, according to several security watchdog groups.

The worm is known in some places as SQL Snake and in others as SQL Spida. It scans Port 1433, which is used by SQL Server, for Microsoft databases with null passwords. It infects those systems, e-mails password and configuration information to an external address and uses the infected system as a host to scan for more systems. While no damaging payload is apparently associated with the worm, it can create a denial of service scenario by overwhelming networks with scanning traffic.

"The scanner bundled with the worm is multi-threaded and is capable of scanning with 100 threads. A large amount of network traffic is created by the worm, which scans both internal and external IP addresses for vulnerable servers," ISS' X-Force noted in a post to the Bugtraq security mailing list.

Although the vulnerability is similar in some ways to Code Red and Nimda, the potential for mass havoc is considerably less given that there are far fewer SQL Server systems exposed to the Web than Internet Information Server/Services systems.

Microsoft posted a page with information to help SQL Server administrators prevent the problem at

Microsoft pointed out that it recommends that users immediately change the "SA" password in SQL Server when they configure the database, although the problem emphasizes the need for more secure default configurations such as those planned for IIS 6.0 when Windows .NET Server ships.

Microsoft took the opportunity to remind SQL Server administrators to install a SQL Server patch the software company issued last month, although some security experts say there is little evidence the current problem exploits the patched vulnerability.

The SANS Institute's Internet Storm Center reported an explosion in the number of hosts scanning Port 1433 starting Monday and multiplying on Tuesday. Microsoft's recommendations include shutting down the port if possible.

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.


  • Azure AD Enhancements Bring Expanded Support for Auto-Provisioned SaaS Apps

    Microsoft announced a number of Azure Active Directory enhancements this month.

  • What's Behind Microsoft's Sudden Teams Push?

    As Skype for Business slowly gets phased out and Slack's enterprise dominance becomes less of a sure thing, the time is right for Microsoft to focus its marketing energies on its upstart collaboration tool.

  • Microsoft Releases PowerShell 7 Preview 3

    Microsoft announced on Wednesday that the PowerShell 7 Preview 3 scripting solution is now available.

  • SQL Server 2019 Release Candidate Now Available

    Microsoft on Wednesday announced the release of SQL Server 2019 release candidate (RC).

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.