Yesterday's SQL worms, today's problem
For the last few weeks I have been watching old versions of SQL attacks, worms
and probes continue to circulate around the Internet. For a year or so now,
I have continued to be fascinated by the life span of old attacks and worms.
The thing about these SQL worms is that their traffic is so large, even today.
According to popular sources like ATLAS, they represent nearly 70% of all malicious
traffic on the Internet today. 70% is a large number, especially for vulnerabilities
that date back to 2002. Here we are
more than 5 years later and these threats are still propagating!
Our HoneyPoints often detect Slammer worm activity and illicit SQL probes from
the Internet. These probes originate from all around the world and no particular
region seems to emerge as the most common.
But what of targets? Our assessment technicians say they almost never run into
one in corporate environments today. I suppose that they still exist in more
than a few cable modem or other systems without proper firewalls, but certainly
the availability of SQL services to the raw Internet has to have dwindled to
almost none. If that is true, then why all the scanning activity?
I have made a few attempts to backtrack hosts that perform the scans and at
first blush many show the signs of common botnet infections. Most are not running
exposed SQL themselves, so that means that the code has likely been implemented
into many bot-net exploitation frameworks. Perhaps the bot masters have the
idea that when they infiltrate a commercial network, the SQL exploits will be
available and useful to them? My assessment team says this is pretty true. Even
today, they find blank “sa” passwords and other age-old SQL issues
inside major corporate clients. So perhaps, that is why these old exploits continue
to thrive.
In either case, significant efforts should be made to reduce or eliminate these
older vulnerabilities and to remove them from our current threats
that we face today. So long as we have this noisy attack traffic from the past
circulating, it makes it even harder for us to focus on emerging threats and
risks that affect our Internet facing systems today.
MicroSolved, Inc.
Symantec Backup Exec 12 and Backup Exec System Recovery 8 deliver industry leading Windows data protection and system recovery. Download this whitepaper to find out the top reasons to upgrade and how to get continuous data protection and complete system recovery.
Data and system loss — from a hard drive failure, malicious attack, natural disaster, or simple human error — can happen anytime. Don’t leave your business vulnerable. Make sure you have a secure recovery strategy in place. Symantec's latest backup and system recovery technology can efficiently restore critical applications, individual emails and documents and even restore your entire system in minutes in the event of a loss.
Businesses face a growing challenge to ensure that the IT environment is properly protected. Backup Exec 12 integrates with other applications in the Symantec family of products, to complement your current data protection strategy, keep your data securely backed up and make it recoverable when you need it most.
Enterprise 2.0 Implementation
By Aaron C. Newman, Jeremy Thomas
Published by McGraw-Hill
Learn more!
Deploying Cisco Wide Area Application Services
By Zach Seils, Joel Christner
Published by Cisco Press
Learn more!
