[thechat] New worm

Martin Burns martin at easyweb.co.uk
Sun Jan 26 02:54:01 CST 2003 

On Sunday, January 26, 2003, at 01:03  am, Hugh Blair wrote:

>> -----Original Message-----
>> On Behalf Of Kevin Stevens
>>
>> Saw this on Reuters
>
> http://tinyurl.com/4wf9

Here's my provider's trouble ticket for it:

Ticket Number	2344250
Time Stamp	Jan 25 2003 1:13PM
Priority	P2
Status 	Updated
Department 	Problem Management
Estimated Fix Time	Unknown
Customers Affected 	All
Ticket Raised By	Chris Kilian
Detailed Desscription
At the present time there is a general exploit taking place on the
Internet, affecting all ISPs globally. This is resulting in a heavy
traffic load, causing slow connectivity to many Internet sites/services.
The industry is currently investigating the nature of this, and
discussing appropriate measures.

For more information please refer to http://www.cnn.com/TECH

As soon as we have more information on this an update will be provided.
----
Ticket Updates:
Last Modified	Name	Customers Affected	Estimated Time	Status	Priority
Jan 25 2003 7:38PM	Chris Kilian	All	Unknown	Updated 	P2
Detailed Description
The issues with the attack on Microsoft SQL Servers appears to have now
died out from reports that we have received. Customers may still notice
port scans if they are running any type of firewall software.

Also from the reports that we have received the worst affected areas
were Thailand, Korea and Japan however this had a knock on affect to the
rest of the world. The attack started at around 12:30am EST and was very
similar to the Code Red Infection from last year. Generally traffic
seems to have now levelled off and we will continue to monitor the
situation closely. It does however appear that the worst part of the
attack is over. Customers may however notice some slow web-pages or
services to various parts of the world with Japan, Korea and Thailand
being the most noticeable.

Further information on the affects of this can be found on the following
web-page.

http://www.washingtonpost.com/wp-dyn/articles/A41673-2003Jan25.html

Once again we would like to thank customers for their patience during
this time.
----
Jan 25 2003 2:47PM	Chris Kilian	All	Unknown	Updated 	P2
Detailed Description
 From investigation it has been found that this exploit is targeting
systems running Microsoft SQL Server. Any customers that are running
firewalls will notice port scan’s on port 1434.If any customer is
running any SQL services please ensure that these are secure.
Information on this and how to secure your server can be found at
http://securityresponse.symantec.com/avcenter/venc/data/w32.sqlexp.worm.html

As soon as we have more information an update will be provided.

> The new terrorism has arrived...

Nah, this type of exploit has been about for *ages*

Cheers
Martin
_______________________________________________
email: martin at easyweb.co.uk             PGP ID:	0xA835CCCB
	martin at members.evolt.org      snailmail:	30 Shandon Place
   tel:	+44 (0)774 063 9985				Edinburgh,
   url:	http://www.easyweb.co.uk			Scotland

More information about the thechat mailing list