Worm uses Symantec tools to infiltrate SQL Server

Eileen Kennedy, News Writer

The seventh version of an Internet worm that uses Symantec Corp.'s antivirus products to gain network access to SQL Server is now making the rounds, according to security officials.

Rated a moderate threat, the Internet worm goes by the names W32 Rinbot or Delbot, according to Graham Cluley, senior technology consultant for security software company Sophos Plc, based in Oxfordshire, U.K.

Requires Free Membership to View

More SQL Server stories:
Step-by-Step Guide: Test for a Trojan horse on your SQL Server

Hacker's-eye view of SQL Server

A downloadable patch is now available from Symantec to protect users from the worm, which was discovered on Feb. 16. The patch is available on Symantec's Threat Explorer page.

The worm takes advantage of vulnerabilities in Symantec's antivirus software, using it as a conduit to Microsoft's SQL Server and SQL database. The worm contains many common system passwords, trying them until it finds the right one that gives it network access. Then it uses the computer it takes over as a botnet, or remotely operated machine it uses to hack into other computers.

Cluley said there have not been widespread reports of the worm successfully infiltrating networks although CNN reported Thursday that its own networks had been affected.

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: