SQL Worm Circulating

A worm exploiting a password set by default to null in SQL Server is roaring around the Internet, according to several security watchdog groups.

The worm is known in some places as SQL Snake and in others as SQL Spida. It scans Port 1433, which is used by SQL Server, for Microsoft databases with null passwords. It infects those systems, e-mails password and configuration information to an external address and uses the infected system as a host to scan for more systems. While no damaging payload is apparently associated with the worm, it can create a denial of service scenario by overwhelming networks with scanning traffic.

"The scanner bundled with the worm is multi-threaded and is capable of scanning with 100 threads. A large amount of network traffic is created by the worm, which scans both internal and external IP addresses for vulnerable servers," ISS' X-Force noted in a post to the Bugtraq security mailing list.

Although the vulnerability is similar in some ways to Code Red and Nimda, the potential for mass havoc is considerably less given that there are far fewer SQL Server systems exposed to the Web than Internet Information Server/Services systems.

Microsoft posted a page with information to help SQL Server administrators prevent the problem at

Microsoft pointed out that it recommends that users immediately change the "SA" password in SQL Server when they configure the database, although the problem emphasizes the need for more secure default configurations such as those planned for IIS 6.0 when Windows .NET Server ships.

Microsoft took the opportunity to remind SQL Server administrators to install a SQL Server patch the software company issued last month, although some security experts say there is little evidence the current problem exploits the patched vulnerability.

The SANS Institute's Internet Storm Center reported an explosion in the number of hosts scanning Port 1433 starting Monday and multiplying on Tuesday. Microsoft's recommendations include shutting down the port if possible.

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.


  • Microsoft and SAP Enhance Partnership with Teams Integration

    Microsoft and SAP this week described continuing partnership efforts on Microsoft Azure, while also planning a Microsoft Teams integration with SAP's enterprise resource planning product and other solutions.

  • Blue Squares Graphic

    Microsoft Previews Azure IoT Edge for Linux on Windows

    Microsoft announced a preview of Azure IoT Edge for Linux on Windows, which lets organizations tap Linux virtual machine processes that also work with Windows- and Azure-based processes and services.

  • How To Automate Tasks in Azure SQL Database

    Knowing how to automate tasks in the cloud will make you a more productive DBA. Here are the key concepts to understand about cloud scripting and a rundown of the best tools for automating code in Azure.

  • Microsoft Open License To End Next Year for Government and Education Groups

    Microsoft's "Open License program" will end on Jan. 1, 2022, and not just for commercial customers, but also for government, education and nonprofit organizations.

comments powered by Disqus