The seventh version of an Internet worm that uses Symantec Corp.'s antivirus products to gain network access to...
SQL Server is now making the rounds, according to security officials.
Rated a moderate threat, the Internet worm goes by the names W32 Rinbot or Delbot, according to Graham Cluley, senior technology consultant for security software company Sophos Plc, based in Oxfordshire, U.K.
A downloadable patch is now available from Symantec to protect users from the worm, which was discovered on Feb. 16. The patch is available on Symantec's Threat Explorer page.
The worm takes advantage of vulnerabilities in Symantec's antivirus software, using it as a conduit to Microsoft's SQL Server and SQL database. The worm contains many common system passwords, trying them until it finds the right one that gives it network access. Then it uses the computer it takes over as a botnet, or remotely operated machine it uses to hack into other computers.
Cluley said there have not been widespread reports of the worm successfully infiltrating networks although CNN reported Thursday that its own networks had been affected.