Slapper Worm Hits Net


Slapper Worm – The straight story. This is overblown. It is NOT spread via email. If you want to see if you have it, do this. Go to Start, Run, type “command” and hit enter. A DOS prompt should appear. Type “netstat -an” and hit enter. A long list of open ports should scroll. Towards the bottom of the list, look for the following line, UDP 123.123.123.123:1434 (the 123.123.123.123 would be your actually IP address) If you see a UDP:1434 line, you are running MS SQL service. Chances are you are infected and helping spread this worm. Please download the Microsoft patches accordingly and if you want, disable the SQLService via the Console. For more information contact me if you want.

This is a very targeted worm and you should do everything you can to help eliminate it. The MS patches have been available since August of 2002 and it is unfortunate that unpatched systems still existed. The good news is this worm only stays in memory and does not stay resident after a reboot. However, an unpatched Microsoft system running SQL service is still vulnerable and could be reinfected if brought back online.

Please keep your systems up to date, check Microsoft’s windowsupdate.microsoft.com for the latest software patches and fixes as often as possible.

Leave a Reply