Wilders Security Forums  

#1
January 27th, 2003, 02:03 PM
spm
Frequent Poster
Join Date: Dec 2002
Location: U.K.
Posts: 434
W32/SQLSlammer

Does anyone have any reports about A/V software or other programs' reaction to the W32/SQLSlammer worm that hit this weekend?

While I understand it was not destructive as such (except for internet performance hits), I'm interested in which A/V programs (if any) stopped it, and which failed to.

#2
January 27th, 2003, 04:26 PM
wizard
Frequent Poster
Join Date: Feb 2002
Location: Europe - Germany - Duesseldorf
Posts: 818
Re:W32/SQLSlammer

I think no available antivirus software stopped this worm as it differs too much from file-based malware. It is IMHO more an automated hack attempt. So the protection against this worm should be updating/patching the systems on a regular basis (the worm used a security hole from July last year).

wizard

__________________
wizardRESEARCH - Malware Research & Analysis since 1989

#3
January 27th, 2003, 04:43 PM
Krusty
Frequent Poster
Join Date: Feb 2002
Location: Finland
Posts: 431
Re:W32/SQLSlammer

I took the liberty of quoting Steve "Cool" Gibson again:


"A Quick Vulnerability Test

You may quickly and easily check your system:

It is unlikely that typical personal computer users will be vulnerable to this worm's infection attempts, so you probably have nothing to worry about. Most personal computers are not running Microsoft's "SQL Server", so there is no point of entry for this infection.

To quickly verify that your system is not running Microsoft's SQL Server, and therefore can not be infected by Sapphire/Slammer worm probes, enter the following command in an "MS-DOS Prompt" window:

netstat -an | find "1434"

This DOS command line checks for the presence of any process "listening" on your computer's port 1434. Your system might be vulnerable only if some lines containing "1434" are printed to the screen when this command is entered. Otherwise, your computer can not be infected by this new worm."

http://grc.com/worms/25-01-03.htm


^Ari^
__________________
¿ Did you remember to make back up today ?
Please don't call Gator\Claria as spyware; call it trojan horse.
RealPlayer breaks your puter.
Don't do as I do, Do exactly I advice
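
Added example, not part of the quoted GRC text or of any post in this thread: the `find "1434"` filter quoted above matches any line containing those characters, including remote ports and longer port numbers, so this sketch parses the output and reports only sockets bound locally to port 1434. It assumes the Windows `netstat -an` column layout; the sample output is constructed and the function names are hypothetical.

```python
# Constructed sample of Windows `netstat -an` output (not taken from the thread).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    192.168.0.5:3012       10.0.0.9:1434          TIME_WAIT
  TCP    192.168.0.5:14341      10.0.0.9:80            ESTABLISHED
  UDP    0.0.0.0:1434           *:*
  UDP    192.168.0.5:137        *:*
"""


def parse_netstat(text):
    """Yield (proto, local_host, local_port, state) for each socket row."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0].upper() not in ("TCP", "UDP"):
            continue  # banner, column header or blank line
        # rpartition keeps IPv6 forms such as [::]:1434 intact
        host, sep, port = fields[1].rpartition(":")
        if not sep or not port.isdigit():
            continue
        # UDP rows have no State column
        state = fields[3].upper() if len(fields) > 3 else ""
        yield fields[0].upper(), host, int(port), state


def listeners_on(text, port=1434):
    """Return sockets bound locally to `port`: TCP listeners or any UDP socket."""
    hits = []
    for proto, host, local_port, state in parse_netstat(text):
        if local_port != port:
            continue
        if proto == "UDP" or state in ("LISTENING", "LISTEN"):
            hits.append((proto, host, local_port))
    return hits


def substring_matches(text, needle="1434"):
    """What a plain substring filter such as `find "1434"` would print."""
    return [line for line in text.splitlines() if needle in line]


if __name__ == "__main__":
    print("substring filter:", len(substring_matches(SAMPLE_NETSTAT)), "lines")
    print("local listeners :", listeners_on(SAMPLE_NETSTAT))
```
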

#4
January 28th, 2003, 07:53 AM
Pieter_Arntz
Spyware Veteran
Join Date: Apr 2002
Location: Netherlands
Posts: 12,726
Re:W32/SQLSlammer

Quote (wizard):
So the protection against this worm should be updating/patching the systems on a regular basis (the worm used a security hole from July last year).

"Should" is the correct word here.

http://www.sophos.com/virusinfo/articles/slammerpoll.html

Regards,

Pieter
__________________
Regards,

Pieter
It's nice to be important, but it's more important to be nice.

It's human to make mistakes. It's even more so to blame the computer for it.

#5
January 28th, 2003, 04:52 PM
wizard
Frequent Poster
Join Date: Feb 2002
Location: Europe - Germany - Duesseldorf
Posts: 818
Re:W32/SQLSlammer

It is a shame how many administrators don't even care about updating their systems. For private users it is even more scary as these mostly believe a personal firewall is enough protection for such threats.

wizard
__________________
wizardRESEARCH - Malware Research & Analysis since 1989
 
