Security 10810 Published by

A worm code-named "Voyager Alpha Force" that targets Microsoft Corp. SQL Server databases is roaming the Internet, trying to turn insecure database servers into launching pads for applications running out of FTP sites in the Philippines.

Voyager Alpha Force exploits blank SQL Server sa (system administrator) passwords, according to a security notice from Microsoft. The worm searches for servers running SQL Server by scanning for port 1433, which is the SQL Server default port. If the worm finds a server, it logs on with a blank (NULL) sa password.

If successful, the worm broadcasts the address of the unprotected SQL Server database on an IRC (Internet Relay Chat) channel. It then tries to load and run an executable file from an FTP site in the Philippines. The sa log-on gives the worm administrative access to the computer. Depending on a given system setup, the worm could also get access to other computers.

Read more