[thechat] New worm
Martin Burns
martin at easyweb.co.uk
Sun Jan 26 02:54:01 CST 2003
On Sunday, January 26, 2003, at 01:03 am, Hugh Blair wrote:
>> -----Original Message-----
>> On Behalf Of Kevin Stevens
>>
>> Saw this on Reuters
>
> http://tinyurl.com/4wf9
Here's my provider's trouble ticket for it:
Ticket Number 2344250
Time Stamp Jan 25 2003 1:13PM
Priority P2
Status Updated
Department Problem Management
Estimated Fix Time Unknown
Customers Affected All
Ticket Raised By Chris Kilian
Detailed Desscription
At the present time there is a general exploit taking place on the
Internet, affecting all ISPs globally. This is resulting in a heavy
traffic load, causing slow connectivity to many Internet sites/services.
The industry is currently investigating the nature of this, and
discussing appropriate measures.
For more information please refer to http://www.cnn.com/TECH
As soon as we have more information on this an update will be provided.
----
Ticket Updates:
Last Modified Name Customers Affected Estimated Time Status Priority
Jan 25 2003 7:38PM Chris Kilian All Unknown Updated P2
Detailed Description
The issues with the attack on Microsoft SQL Servers appears to have now
died out from reports that we have received. Customers may still notice
port scans if they are running any type of firewall software.
Also from the reports that we have received the worst affected areas
were Thailand, Korea and Japan however this had a knock on affect to the
rest of the world. The attack started at around 12:30am EST and was very
similar to the Code Red Infection from last year. Generally traffic
seems to have now levelled off and we will continue to monitor the
situation closely. It does however appear that the worst part of the
attack is over. Customers may however notice some slow web-pages or
services to various parts of the world with Japan, Korea and Thailand
being the most noticeable.
Further information on the affects of this can be found on the following
web-page.
http://www.washingtonpost.com/wp-dyn/articles/A41673-2003Jan25.html
Once again we would like to thank customers for their patience during
this time.
----
Jan 25 2003 2:47PM Chris Kilian All Unknown Updated P2
Detailed Description
From investigation it has been found that this exploit is targeting
systems running Microsoft SQL Server. Any customers that are running
firewalls will notice port scan’s on port 1434.If any customer is
running any SQL services please ensure that these are secure.
Information on this and how to secure your server can be found at
http://securityresponse.symantec.com/avcenter/venc/data/w32.sqlexp.worm.html
As soon as we have more information an update will be provided.
> The new terrorism has arrived...
Nah, this type of exploit has been about for *ages*
Cheers
Martin
_______________________________________________
email: martin at easyweb.co.uk PGP ID: 0xA835CCCB
martin at members.evolt.org snailmail: 30 Shandon Place
tel: +44 (0)774 063 9985 Edinburgh,
url: http://www.easyweb.co.uk Scotland
More information about the thechat
mailing list