Several antivirus firms have released advisories on next steps. For Avert (Network Associates) users:
- Stinger will be able to locate the worm (in memory) on infected SQL servers and shut down the SQL processes.
- A McAfee ThreatScan signature update is available to locate unpatched Microsoft SQL 2000 servers.
- For users who have McAfee Desktop Firewall running on their SQL servers, simply create a rule that blocks incoming UDP port 1434.
- Install the most recent service pack.
- Security patches should be installed as they're released. Notifications are available via email.
- Use Microsoft Baseline Security Analyzer (MBSA) to assess a server's security.
- Use Windows Authentication Mode to shield a SQL Server installation from Internet-based attacks by restricting connections to Microsoft Windows user and domain user accounts.
- Isolate your server and back it up regularly.
- Assign a strong systems administrator password.
- Limit privilege level of SQL Server services.
- Disable firewall's SQL Server ports.
- Use secure file systems.
- Audit connections to SQL Server.
Delete or secure old setup files.
For all security-related news, including updates on the latest viruses, hacking exploits and patches, check out ZDNet UK's Security News Section.
Let the editors know what you think in the Mailroom.
