Wormguard vs. W32.SQLExp.Worm


I_lack_commonsense
January 26th, 2003, 12:19 PM
With so much made about this worm lately, I was rather curious to know how wormguard would have responded? Would it have just been business as usual...

Pilli
January 26th, 2003, 03:15 PM
:( Hi ILC,
I believe that the SQL worm is memory-only, so I doubt WG would see it; AVs & ATs that rely on database sigs only would also probably fail.
Switching your computer off & on again would probably kill it though ;D
TDS3 probably catches it, as it uses many methods of seeing worms & Trojans.

Jooske
January 26th, 2003, 06:24 PM
Use in TDS the Network > TCP Port Listen (with fw up, of course) and see what the packets are, if you're targeted.

wizard
February 7th, 2003, 04:26 PM
Wormguard (and most other antivirus products) is not designed to protect against threats like this SQL worm. Depending on the definition, I personally would not call this a worm. It is in my opinion more an automated hack attack than what we usually call a worm, e.g. Badtrans or Klez.

The best protection against this kind of threat is simply to keep regularly updating the software which could (theoretically) be attacked (you can find these kinds of server programs while checking for 'open ports').

wizard

I_lack_commonsense
February 9th, 2003, 09:57 PM
I agree it does sound a lot more like some kind of exploit of SQL server rather than a worm, but nonetheless I am still a little surprised that WG would not pick up something like this (nothing against WG), considering W32.SQL is only one of a very few types of these "worms" (as I understand) that have pure memory properties. So would scanning for these types of worms be warranted for, say, WG4? Or would it be more trouble than it is worth? Thank you again for the replies.

Wayne - DiamondCS
February 10th, 2003, 03:14 AM
Yes, this worm is 100% memory-resident only. As soon as you reboot your computer you're disinfected (but still vulnerable to re-infection). The worm can only infect your system if you're running a vulnerable version of Microsoft's SQL server, but a patch for this vulnerability was released by Microsoft a long time ago.

Wormguard protects against files as you execute them, but doesn't protect against buffer overflows caused by incoming internet data (but then, no other program I know of does either!)
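Since Jooske and Wayne both make the point that this worm arrives as network data rather than as a file to execute, the place a defender can see it is the traffic itself. The following is an added example, not code from the thread or from DiamondCS; it assumes Slammer's known vector (a single UDP datagram to the SQL Server Resolution Service port 1434 whose payload starts with 0x04 and is far larger than a legitimate resolution query, roughly 376 bytes), a constructed key=value firewall log format, and a length threshold chosen here for illustration.

```python
import re
from dataclasses import dataclass

# Constructed sample firewall log (not from the thread). Two lines mimic the
# worm datagram, one is a legitimate tiny SSRS query, the rest are unrelated.
SAMPLE_LOG = """\
2003-01-25T05:31:02Z proto=udp src=203.0.113.7 dst=192.0.2.10 dport=1434 len=376 first=04
2003-01-25T05:31:02Z proto=udp src=192.0.2.22 dst=192.0.2.10 dport=1434 len=1 first=02
2003-01-25T05:31:03Z proto=tcp src=198.51.100.4 dst=192.0.2.10 dport=1433 len=120 first=12
2003-01-25T05:31:04Z proto=udp src=203.0.113.9 dst=192.0.2.11 dport=1434 len=376 first=04
2003-01-25T05:31:05Z proto=udp src=192.0.2.30 dst=192.0.2.10 dport=53 len=48 first=a1
"""

SSRS_PORT = 1434            # SQL Server Resolution Service (assumed worm vector)
SSRS_MAX_LEGIT_LEN = 64     # assumed threshold: real SSRS queries are a few bytes
SSRS_REQUEST_BYTE = 0x04    # first byte of the oversized request the worm used

LINE_RE = re.compile(
    r"proto=(?P<proto>\w+) src=(?P<src>\S+) dst=(?P<dst>\S+) "
    r"dport=(?P<dport>\d+) len=(?P<len>\d+) first=(?P<first>[0-9a-f]{2})"
)

@dataclass(frozen=True)
class Alert:
    src: str
    dst: str
    length: int

def is_slammer_like(proto: str, dport: int, length: int, first_byte: int) -> bool:
    """Flag a UDP datagram to 1434 that is an SSRS request far too large to be benign."""
    return (proto == "udp" and dport == SSRS_PORT
            and first_byte == SSRS_REQUEST_BYTE and length > SSRS_MAX_LEGIT_LEN)

def scan_log(text: str) -> list[Alert]:
    """Parse each log line and return an Alert for every worm-like datagram."""
    alerts = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # unparseable line: skip rather than guess
        if is_slammer_like(m["proto"], int(m["dport"]), int(m["len"]), int(m["first"], 16)):
            alerts.append(Alert(m["src"], m["dst"], int(m["len"])))
    return alerts

if __name__ == "__main__":
    for a in scan_log(SAMPLE_LOG):
        print(f"oversized SSRS request from {a.src} to {a.dst} ({a.length} bytes)")
```

A reboot clears the memory-resident worm, as Wayne notes, but the same datagram will show up again in the log within minutes unless the server is patched or port 1434/udp is filtered at the perimeter.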