SQL Server Worm on the Loose

August 22, 2003

[From eWeek]

A worm code-named "Voyager Alpha Force" that targets Microsoft Corp. SQL Server databases is roaming the Internet, trying to turn insecure database servers into launching pads for applications running out of FTP sites in the Philippines.

Voyager Alpha Force exploits blank SQL Server sa (system administrator) passwords, according to a security notice from Microsoft. The worm searches for servers running SQL Server by scanning for port 1433, which is the SQL Server default port. If the worm finds a server, it logs on with a blank (NULL) sa password.

The article continues at http://www.eweek.com/