SQL Server worm exploits blank sa password

by Wayne Maples [Published on 20 April 2004 / Last Updated on 20 April 2004]

Douglas Brown discovered a new worm that targets Microsoft SQL Server installations where the SQL Administrator password is blank (note that this is the default configuration for SQL Server v7.0 and earlier). The worm logs in using the Administrator account, then calls a command shell to FTP and install a Trojan. The Trojan communicates with the attacker via IRC, where the attacker is able to utilize the infected systems to launch Distributed Denial of Service (DDoS) attacks.

The original SecurityFocus Report: MS-SQL Worm?

SQL Server's default behavior of blank admin password is a disaster. If you want your network to be secure, automate a scan for port 1433, used by sql server, and check for sa admin accounts with blank passwords. By using SQL's command shell, a hacker (if you are unlucky) or penetration tester (if you are lucky) can take over the server. The extent of the exposure depends on what account sql service is running under. Some sites run the service using a domain admin account. Wonderful! If you can break the sa password, or if its blank, you can use the command shell to create a new account and add it to the domain administrator's group. A blank sa password can expose the entire enterprise.

Related Tips:

SQL Server 2000 Operations Guide

Register Now for Office365 CON - 2017 Online Conference!

Early registration is now open for Office365 CON 2017, the annual online gathering of IT Strategists, Microsoft MVPs and Messaging Technology Vendors. This convenient, annual online event is presented by TechGenix and MSExchange.org for the benefit of busy IT Professionals within the global Office 365 and MS Exchange communities.

Early registrants for this year's conference will also receive a Symantec White Paper: Top 5 SSL/TLS Attack Vectors: How they have impacted IT and how you can avoid them , as well as an invitation to join a special Conference Preview broadcast.

Time and Date: Thursday, March 23, 2017, starting at 10am EDT | 9am CDT | 7am PDT

Newsletter Subscription

WindowsNetworking.com Sections

Featured Freeware

Download Free TFTP Server. The most trusted on the planet by IT Pros

Home
Articles & Tutorials
Building a PowerShell GUI (Part 13)

This article concludes the PowerShell GUI series by demonstrating a technique for changing a virtual machine’s memory allocation by using a GUI interface... Read More

Importance of Service Records (SRV) in an Active Directory Environment

SRV Records, sometimes referred to as Service Records, are required by services such as LDAP, KDC, Global Catalog, KMS and any other applications that registers SRV records to provide services to the clients... Read More

Articles & Tutorials Categories
KBase Tips
How do I list Active Directory Manual Replication Connection Objects?

Tip explains how to get manually created replication connection objects in an Active Directory Forest... Read More

Check Object Replication Status across Active Directory Forest

Tip explains how you can check object replication status Active Directory forest... Read More

Windows Server 2012/2008/2003/2000/XP/NT Administrator Knowledge Base Categories

Reviews
Free Tools
Blogs
Forums
White Papers
Contact Us

Community Area

SQL Server worm exploits blank sa password

See Also

See Also

Featured Links