Worm uses Symantec tools to infiltrate SQL Server

Considered a moderate threat, the worm gains access to Microsoft's SQL Server and SQL databases by exploiting vulnerabilities in Symantec's antivirus software.

The seventh version of an Internet worm that uses Symantec Corp.'s antivirus products to gain network access to SQL Server is now making the rounds, according to security officials.

Rated a moderate threat, the Internet worm goes by the names W32 Rinbot or Delbot, according to Graham Cluley, senior technology consultant for security software company Sophos Plc, based in Oxfordshire, U.K.

More SQL Server stories:
Step-by-Step Guide: Test for a Trojan horse on your SQL Server

Hacker's-eye view of SQL Server

A downloadable patch is now available from Symantec to protect users from the worm, which was discovered on Feb. 16. The patch is available on Symantec's Threat Explorer page.

The worm takes advantage of vulnerabilities in Symantec's antivirus software, using it as a conduit to Microsoft's SQL Server and SQL database. The worm contains many common system passwords, trying them until it finds the right one that gives it network access. Then it uses the computer it takes over as a botnet, or remotely operated machine it uses to hack into other computers.

Cluley said there have not been widespread reports of the worm successfully infiltrating networks although CNN reported Thursday that its own networks had been affected.

Dig deeper on Windows Storage Systems Hardware

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

SearchServerVirtualization

SearchCloudComputing

SearchExchange

SearchSQLServer

SearchWinIT

SearchEnterpriseDesktop

SearchVirtualDesktop

Close