Win32.Worm.SQLExp.Slammer.A

HIGH
MEDIUM
376 bytes
(W32.SQLExp.Worm, W32/SQL.Slam.A)

Symptoms

Removal instructions:

The BitDefender Virus Analysis Team has released a free removal tool for this particular virus. Click here to download this tool.

Analyzed By

Sorin Victor Dudea
BitDefender Virus Researcher

Technical Description:

This is an Internet worm that spreads using a known vulnerability in MS SQL Server. For more information about this vulnerability, go to:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms02-039.asp
It arrives as a malformed 376-byte packet and uses a stack overflow exploit to execute itself. Once its code is running, it generates random IP addresses based on the GetTickCount function and sends itself to those addresses on UDP port 1434. Because the worm sends itself continuously, it causes a denial of service.
To remove this vulnerability, install the following patch:
http://www.microsoft.com/Downloads/details.aspx?displaylang=en&FamilyID=DCFDCBE9-B4EB-4446-9BE7-2DE45CFA6A89
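
The traffic pattern in the technical description (376-byte UDP datagrams sent to port 1434 at many random addresses) can be looked for in flow records to find hosts that are already infected. The following Python example is added here and is not part of the original BitDefender write-up; the Flow record layout, the thresholds and the sample records are assumptions constructed for illustration.

```python
from collections import defaultdict
from typing import Iterable, NamedTuple

SQL_UDP_PORT = 1434      # destination port named in the description
WORM_PAYLOAD_LEN = 376   # worm packet size named in the description


class Flow(NamedTuple):  # hypothetical flow-record layout (assumption)
    ts: float            # seconds since capture start
    proto: str
    src: str
    dst: str
    dport: int
    payload_len: int


def suspected_infected(flows: Iterable[Flow], min_targets: int = 5,
                       window: float = 1.0) -> dict[str, int]:
    """Map each source that sent 376-byte UDP datagrams to port 1434 at
    min_targets or more distinct addresses within `window` seconds to the
    largest number of distinct targets seen in one window."""
    per_src = defaultdict(list)
    for f in flows:
        if (f.proto == "udp" and f.dport == SQL_UDP_PORT
                and f.payload_len == WORM_PAYLOAD_LEN):
            per_src[f.src].append((f.ts, f.dst))
    hits = {}
    for src, events in per_src.items():
        events.sort()
        start = best = 0
        for end in range(len(events)):
            # Slide the window start forward until it spans <= window seconds.
            while events[end][0] - events[start][0] > window:
                start += 1
            best = max(best, len({dst for _, dst in events[start:end + 1]}))
        if best >= min_targets:
            hits[src] = best
    return hits


# Constructed sample records (documentation address ranges, not real traffic).
SAMPLE_FLOWS = (
    [Flow(0.01 * i, "udp", "10.0.0.5", f"198.51.100.{i + 1}", 1434, 376)
     for i in range(8)]                                      # scanning host
    + [Flow(0.2, "udp", "10.0.0.9", "10.0.0.20", 1434, 12),  # small datagram
       Flow(0.3, "udp", "10.0.0.7", "192.0.2.53", 53, 376),  # other port
       Flow(0.4, "udp", "10.0.0.8", "10.0.0.20", 1434, 376)] # single target
)

if __name__ == "__main__":
    print(suspected_infected(SAMPLE_FLOWS))
```

Requiring several distinct destinations inside a short window separates the worm's continuous random sending from a single client talking to one SQL Server host on the same port.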