SQL Server gets its first virus

By Alun Williams

Posted on 31 May 2002 at 17:39

Microsoft is facing another security hole in its software with the discovery that SQL Server has attracted the unwanted attentions of a worm.

'Digispid.B.Worm' is a worm that spreads to computers running Microsoft SQL Server that have a blank SQL administrator password. This would not represent a widespread problem, you may feel. By default, however, SQL Server ships with a blank password for the administrator account.

Symantec reports that the worm copies files to the infected computer and changes the administrator password to a string of four random characters. The anti-virus company also asserts that SQL needs to be running with administrative access and, by default, the SQL Server runs in the security context of a domain user.

More worryingly, SQL Server underpins many new features of the windows XP system - such as Smart Tags within Office XP and the Internet-based, collaborative SharePoint. Developers may code in system administrator access as part of new functionality carried out by Smart Tags, for example.

For its part, Microsoft acknowledges that 'increased attempts to log into Internet-facing SQL Server computers with blank passwords are being seen on the Internet'. You can check out Microsoft's Product Support Services Informational Alert on SQL Server on their Web site. (The Microsoft Product Support Services Security Team is advising SQL Server administrators to apply the patch in Microsoft Security Bulletin MS02-020.)

You can check Symantec's advice on its anti-virus pages here.