[rescue] new worm?

[Koyote]

If this is replicable, MS SQL systems are in for a whole 'nother world of hurt.


Johan Fischer <jofi at swepipe.com> writes:

> It get worse, we have had three servers trashed by the worm, all of them
> are SMP (2-4 cpu) Windows 2000 servers running SQL server 2000.
> Al nine of our DB servers have a weekly shedule for our sysadmins to
> monitor and apply security patches and services packs.
> All five ms-sql servers was shutdown during the "service slot" wednesday
> eavning and have had the SP3 applied on them.
> 
> The two single cpu mashines have not been affected but all three SMP's
> have. for f--ks sake m$ get yer act togheter.
> 
> Point of entry? simple, a developer with a ms-sql server on his laptop
> dialed in to his faworite ISP and started a tunnel to our FW. Since he
> didnt have any "local" firewall on his modem line his laptop got infected
> first then it blew 1 of the SMP servers...
> 
> So finaly i realy hope i will get the money to convert the shit to a
> decent DB.
> 
> M$ is a desktop OS keep it there.
> 
> 
> //Johan
> Sysadmin Swepipe.
> 
> 
> Uhmm and yes we shut them down and did put them on a sepparate switch,
> rolled back one of them two days from the backup, applied ALL patches and
> the SP3 (AGAIN), did put all three servers online (two infected and one
> newly patched) it took less than 2 minutes untils it started to bombard
> it's gw with udp... *ARGH* rolled back binarys to last nites backup,
> and put them online on sepparate lans and are now holding our thumbs.
> _______________________________________________
> rescue list - http://www.sunhelp.org/mailman/listinfo/rescue