lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <006b01c2c4a7$14054f30$6601a8c0@rms2>
From: rms at computerbytesman.com (Richard M. Smith)
Subject: Is Sapphire the world's smallest computer worm?

At 376 bytes, is this new Sapphire worm the world's smallest computer
worm?  The only competition I can think of is the Morse worm.  Anybody
know how big it was?

Richard

-----Original Message-----
From: cstone [mailto:cstone@...ox.com] 
Sent: Saturday, January 25, 2003 7:08 AM
To: Michael Bacarella
Subject: Re: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434!


On Sat, Jan 25, 2003 at 02:11:41AM -0500, Michael Bacarella wrote:
> I'm getting massive packet loss to various points on the globe.
> I am seeing a lot of these in my tcpdump output on each
> host.
> 
> It looks like there's a worm affecting MS SQL Server which is
> pingflooding addresses at some random sequence.

yeah.  i guess it's an old vulnerability, but i don't keep up on
this stuff.

however, i have disassembled the code inside; all it does is send
itself to pseudorandomly generated hosts.

there is an annotated disassembly at 
http://www.boredom.org/~cstone/worm-annotated.txt

--cstone@...ox.com


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ