Tool: Sapphire SQL Worm Scanner

From: Marc Maiffret (marc@EEYE.COM)
Date: 01/26/03

  • Next message: Mike Hays: "Microsoft AppCenter and W32/SQLSlammer" 
    Date:         Sat, 25 Jan 2003 20:51:47 -0800
From: Marc Maiffret <marc@EEYE.COM>
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM

    We had a lot of requests to put together a quick free scanner, like we've
    done in the past, for this SQL worm.

    This is the first version and it is bound to have bugs. Feel free to email
    me any issues directly and we can work on them.

    The scanner is non-intrusive, wont crash your servers, in identifying
    vulnerable systems. It WILL NOT identify already infected systems. Because
    of the nature of the worm it keeps any valid data from getting to the victim
    system. We suggest using sniffers and IDS's to determine already infected
    machines.

    You can download the scanner from:
    http://www.eeye.com/html/Research/Tools/SapphireSQL.html

    For more details about the Sapphire SQL Worm:
    http://www.eeye.com/html/Research/Flash/AL20030125.html

    If you have any questions or comments feel free to mail me directly. As we
    find bugs and make improvements the changes will be reflected on our
    website. So go there for the latest ... that way we don't have to flood this
    list with email.

    Thanks to NGSSoftware (http://www.nextgenss.com/) for discovering the flaw
    the SQL worm uses and for publishing a technical write up which made this
    scanner possible. Once again illustrating that details ARE needed to help
    the good guys.

    Signed,
    Marc Maiffret
    Chief Hacking Officer
    eEye Digital Security
    T.949.349.9062
    F.949.349.9538
    http://eEye.com/Retina - Network Security Scanner
    http://eEye.com/Iris - Network Traffic Analyzer
    http://eEye.com/SecureIIS - Stop known and unknown IIS vulnerabilities

    oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
    Delivery co-sponsored by TruSecure Corporation
    oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
    TICSA - Anniversary Special - Limited Time

    Become TICSA certified for just $221.25 US when you register before 3/31/03
    with PROMO "TS0103" at www.2test.com. NO membership fees, certification
    good for 2 years. Price for international delivery just $296.25 US, with
    this offer. Offer cannot be combined with any other special and expires
    3/31/03. Visit www.trusecure.com/ticsa for full details.

    oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo

    Relevant Pages

    • Tool: Sapphire SQL Worm Scanner
      ... We had a lot of requests to put together a quick free scanner, ... It WILL NOT identify already infected systems. ... For more details about the Sapphire SQL Worm: ... http://eEye.com/Retina - Network Security Scanner ...
      (Security-Basics)
    • [VulnWatch] Tool: Sapphire SQL Worm Scanner
      ... We had a lot of requests to put together a quick free scanner, ... It WILL NOT identify already infected systems. ... For more details about the Sapphire SQL Worm: ... http://eEye.com/Retina - Network Security Scanner ...
      (VulnWatch)
    • [Full-Disclosure] Tool: Sapphire SQL Worm Scanner
      ... We had a lot of requests to put together a quick free scanner, ... It WILL NOT identify already infected systems. ... For more details about the Sapphire SQL Worm: ... http://eEye.com/Retina - Network Security Scanner ...
      (Full-Disclosure)
    • Tool: Sapphire SQL Worm Scanner
      ... We had a lot of requests to put together a quick free scanner, ... It WILL NOT identify already infected systems. ... For more details about the Sapphire SQL Worm: ... http://eEye.com/Retina - Network Security Scanner ...
      (Bugtraq)
    • Quantcast