View Full Version : W32/SQLSlammer
spm
January 27th, 2003, 02:03 PM
Does anyone have any reports about A/V software or other programs' reaction to the W32/SQLSlammer worm that hit this weekend?
While I understand it was not destructive as such (except for internet performance hits), I'm interested in which A/V programs (if any) stopped it, and which failed to.
wizard
January 27th, 2003, 04:26 PM
I think no available antivirus software stopped this worm as it differs to much from file-based malware. It is IMHO more an automated hack attemp. So the protection against this worm should be updating/patching the systems on a regular basis (the worm used a security whole from July last year).
wizard
Krusty
January 27th, 2003, 04:43 PM
I took liberty to quote Steve "Cool" Gibson again:
"A Quick Vulnerability Test
You may quickly and easily check your system:
It is unlikely that typical personal computer users will be vulnerable to this worm's infection attempts, so you probably have nothing to worry about. Most personal computers are not running Microsoft's "SQL Server", so there is no point of entry for this infection.
To quickly verify that your system is not running Microsoft's SQL Server, and therefore can not be infected by Sapphire/ Slammer worm probes, enter the following command in an "MS-DOS Prompt" window:
netstat -an | find "1434"
This DOS command line checks for the presence of any process "listening" on your computer's port 1434. Your system
might be vulnerable only if some lines containing "1434" are printed to the screen when this command is entered. Otherwise, your computer can not be infected by this new worm. "
http://grc.com/worms/25-01-03.htm
^Ari^
Pieter_Arntz
January 28th, 2003, 07:53 AM
-{ Quote: " quoting: wizard link=board=24;threadid=6748;start=0#45034 date=1043702786]
So the protection against this worm should be updating/patching the systems on a regular basis (the worm used a security whole from July last year).
" }-
"Should" is the correct word here. ;)
http://www.sophos.com/virusinfo/articles/slammerpoll.html
Regards,
Pieter
wizard
January 28th, 2003, 04:52 PM
It is a shame how many administrators don't even care about updating their systems. For private users it is even more scary as these mostly believe a personal firewall is enough protection for such threats.
wizard
vBulletin® Copyright ©2000-2012, Jelsoft Enterprises Ltd.
Copyright ©2002 - 2012, Wilders Security Forums