[Full-Disclosure] Is Sapphire the world's smallest computer worm?

From: Richard M. Smith (rms@computerbytesman.com)
Date: 01/25/03

    From: "Richard M. Smith" <rms@computerbytesman.com>
    To: "'Full-Disclosure'" <full-disclosure@lists.netsys.com>, "Richard M. Smith" <rms@computerbytesman.com>
    Date: Sat, 25 Jan 2003 14:22:19 -0500
    

    At 376 bytes, is this new Sapphire worm the world's smallest computer
    worm? The only competition I can think of is the Morse worm. Anybody
    know how big it was?

    Richard

    -----Original Message-----
    From: cstone [mailto:cstone@pobox.com]
    Sent: Saturday, January 25, 2003 7:08 AM
    To: Michael Bacarella
    Subject: Re: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434!

    On Sat, Jan 25, 2003 at 02:11:41AM -0500, Michael Bacarella wrote:
    > I'm getting massive packet loss to various points on the globe.
    > I am seeing a lot of these in my tcpdump output on each
    > host.
    >
    > It looks like there's a worm affecting MS SQL Server which is
    > pingflooding addresses at some random sequence.

    yeah. i guess it's an old vulnerability, but i don't keep up on
    this stuff.

    however, i have disassembled the code inside; all it does is send
    itself to pseudorandomly generated hosts.

    there is an annotated disassembly at
    http://www.boredom.org/~cstone/worm-annotated.txt

    --cstone@pobox.com

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html


