SecurityHome.eu Win32.Worm.SQLExp.Slammer.A

Home / malware PDF

Win32.Worm.SQLExp.Slammer.A

First posted on 21 November 2011.
Source: BitDefender
Aliases :
Win32.Worm.SQLExp.Slammer.A is also known as W32.SQLExp.Worm, W32/SQL.Slam.A.
Explanation :
This is an Internet worm that spreads using a known vulnerability in MS SQL Server. For more information about this vulnerability go to:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms02-039.asp
It arrives as a malformed 376 bytes packet. It uses a stack overflow exploit to execute itself. After its code is executed it generates random IP numbers based on GetTickCount function and sends itself to those addresses using UDP port 1434. Because the worm send itself continuously it generates Denial Of Service.
To remove this vulnerability, install the following patch:
http://www.microsoft.com/Downloads/details.aspx?displaylang=en&FamilyID=DCFDCBE9-B4EB-4446-9BE7-2DE45CFA6A89
Last update 21 November 2011

TOP

Malware :

RATDispenser
whispergate
Borat RAT
Trojanized X_Trader
BlackLotus

Last 20