ISS warns of Spida threat

Internet Security Systems (ISS) has issued a warning for the Spida worm, which is spreading through Microsoft SQL servers and creating large amounts of Internet traffic and TCP/IP probes.

  • E-Mail
By  Zoe Moleshead Published  May 22, 2002

Internet Security Systems (ISS) has issued a warning for the Spida worm, which is spreading through Microsoft SQL servers and creating large amounts of Internet traffic and TCP/IP probes.

According to the security vendor, Spida locates and logs into the SQL servers using the ‘sa’ account and a blank password, once inside the worm sends its configuration and password to an external host.

The threat of Spida comes not in the worm itself, but in the scanner that is incorporated with the worm, says ISS.

“Although the Spida worm is not destructive to the infected host, it may generate a damaging level of network traffic when it scans for additional hosts,” ISS reveals in a statement.

“The scanner bundled with the worm is multi-threaded and capable of scanning with 100 threads. A large amount of network traffic is created by the worm, which scans both internal and external IP addresses for vulnerable servers,” the report continues.

Spida’s main aim is to export the server’s SAM password database and gather information about its network database and configuration. The worm installs its files into Windowssystem32 directory or Windowssystem32drivers directory, according to ISS.

The security vendor recommends that SQL users visit Microsoft’s site: www.microsoft .com/sql/techinfo/administration/200/security.asp.

Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code