Why Old SQL Worms Won't Die

Why Old SQL Worms Won't Die 64

Posted by ScuttleMonkey on Monday February 25, 2008 @04:31PM from the looking-for-a-user-security-patch dept.

narramissic writes "In a recent ITworld article, Security researcher Brent Huston ponders how it is that versions of SQL worms dating back to 2002 represent nearly 70% of all malicious traffic on the Internet today. 'I have made a few attempts to backtrack hosts that perform the scans and at first blush many show the signs of common botnet infections. Most are not running exposed SQL themselves, so that means that the code has likely been implemented into many bot-net exploitation frameworks. Perhaps the bot masters have the idea that when they infiltrate a commercial network, the SQL exploits will be available and useful to them? My assessment team says this is pretty true. Even today, they find blank "sa" passwords and other age-old SQL issues inside major corporate clients. So perhaps, that is why these old exploits continue to thrive."

Why Old SQL Worms Won't Die

This discussion has been archived. No new comments can be posted.

Search 64 Comments Log In/Create an Account

Comments Filter:

Re:70% really? (Score:4, Informative)

by tcopeland ( 32225 ) writes: <tom AT thomasleecopeland DOT com> on Monday February 25, 2008 @05:23PM (#22550842) Homepage

> I used to get a lot of traffic from SSH brute force attacks

Yup. One of the first bits I install on a new server is DenyHosts [sf.net]; "service denyhosts start" and an hour later there are a half dozen IPs in /etc/hosts.deny. Good times.

There may be more comments in this discussion. Without JavaScript enabled, you might want to turn on Classic Discussion System in your preferences instead.

Why Old SQL Worms Won't Die 64

Why Old SQL Worms Won't Die More Login

Why Old SQL Worms Won't Die

Re:70% really? (Score:4, Informative)

Related Links Top of the: day, week, month.

Slashdot Top Deals

Slashdot