W32/SQLSlammer

Does anyone have any reports about A/V software or other programs' reaction to the W32/SQLSlammer worm that hit this weekend?

While I understand it was not destructive as such (except for internet performance hits), I'm interested in which A/V programs (if any) stopped it, and which failed to.

 

I think no available antivirus software stopped this worm as it differs to much from file-based malware. It is IMHO more an automated hack attemp. So the protection against this worm should be updating/patching the systems on a regular basis (the worm used a security whole from July last year).

wizard

 

I took liberty to quote Steve "Cool" Gibson again:


"A Quick Vulnerability Test

You may quickly and easily check your system:

It is unlikely that typical personal computer users will be vulnerable to this worm's infection attempts, so you probably have nothing to worry about. Most personal computers are not running Microsoft's "SQL Server", so there is no point of entry for this infection.

To quickly verify that your system is not running Microsoft's SQL Server, and therefore can not be infected by Sapphire/ Slammer worm probes, enter the following command in an "MS-DOS Prompt" window:


netstat -an | find "1434"

This DOS command line checks for the presence of any process "listening" on your computer's port 1434. Your system
might be vulnerable only if some lines containing "1434" are printed to the screen when this command is entered. Otherwise, your computer can not be infected by this new worm. "

http://grc.com/worms/25-01-03.htm


^Ari^

 

"Should" is the correct word here.

http://www.sophos.com/virusinfo/articles/slammerpoll.html

Regards,

Pieter

 

It is a shame how many administrators don't even care about updating their systems. For private users it is even more scary as these mostly believe a personal firewall is enough protection for such threats.

wizard