利用微软SA口令为空的攻击活动猖獗
SA密码为空(NULL)的不安全的SQL服务器容易受到蠕虫 攻击 (Q313418) 此文信息适应于: 1 Microsoft SQL Server 2000 (all editions) 2 Microsoft SQL Server version 7.0 症状 在互联网上已经发现了一个代号为“Voyager Alpha Force”的蠕虫, 它 利用 那
SA密码为空(NULL)的不安全的SQL服务器容易受到蠕虫攻击(Q313418)
此文信息适应于:
1 Microsoft SQL Server 2000 (all editions)
2 Microsoft SQL Server version 7.0
症状
在互联网上已经发现了一个代号为“Voyager Alpha Force”的蠕虫,
它利用那些系统管理员(SA)密码为空的SQL服务器进行传播。此蠕虫通过扫描SQL的默认端口
1433端口来寻找SQL Server服务器。假如蠕虫发现了一台服务器,它就尝试用空(NULL)SA密码登入那个
SQL Server的默认状态。
假如登录成功,它将把这个无防卫的SQL Server的地址广播到一个互联网中继聊天(IRC)频道上去,
并且尝试从菲律宾的一个FTP站点加载和运行一个可执行文件。作为SA登录入SQL Server
后用户可以获得计算机的管理员权限,并且依赖特定的网络环境,还可以访问其它的计算机。
防范
下面的每一步大体上都将使你的系统更加安全,并且单独任何一种方法都将防止
这种特殊的蠕虫感染你的SQL Server服务器。注意这些步骤是针对任何SQL Server
安装的部分标准安全“最佳策略”。
1. 确保你的SA登录帐号的密码非空。只有你的SA登录帐号没有安全保障的时候蠕虫才会工作。
因此,你应该遵循在SQL Server
联机文档中“系统管理员(SA)登录”主题中的推荐模式,确保固有的SA帐号具有一个强壮的密码,
即使是你自己从不使用SA帐号。
2. 在你的互联网网关或防火墙上屏蔽1433端口和/或指定SQL Server监听一个可选的端口。
3. 假如在你的互联网网关上需要利用1433端口,启动用于防止此端口滥用的流入/流出过滤。
4. 将SQLServer和SQL Server客户端运行在微软的Windows NT帐号下,而不是localsystem。
5. 启动Windows NT验证,启动监听成功和失败的登录,然后停止并重启MSSQLServer服务。
设置你的客户端使用NT验证。
关于如何恢复一台已经被感染的系统的信息,请访问独立的CERT协调中心的网站,网址如下:
恢复一台被感染的UNIX或NT系统的步骤
http://www.cert.org/tech_tips/win-UNIX-system_compromise.html
入侵者检测清单
http://www.cert.org/tech_tips/intruder_detection_checklist.html
包含在此文中的第三方联系信息有助于你发现你需要的技术支持。
这些联系信息经常在不预先通知就改变了。微软无法担保这些第三方联系信息的准确性。
更多信息
重要:这不是SQL Server的bug;这是由一个不安全的系统造成的缺陷。
下来文件暗示蠕虫的存在:
rpcloc32.exe (md5 = 43d29ba076b4fd7952c936dc1737fcb4 )
dnsservice.exe (md5 = 79386a78a03a1665803d8a65c04c8791 )
win32mon.exe (md5 = 4cd44f24bd3d6305df73d8aa16d4caa0 )
另外,下列注册表键值的出现也暗示了此蠕虫的存在:
SOFTWARE\Microsoft\Windows\CurrentVersion\Run\TaskReg
下列注册表键值是关于一个SQL Server的现有键值,并已被蠕虫利用来通过使用TCP/IP
网络库来控制计算机的访问权:
SOFTWARE\Microsoft\MSSQLServer\Client\SuperSocketNetLib\ProtocolOrder
SOFTWARE\Microsoft\MSSQLServer\Client\ConnectTo\DSQUERY
此蠕虫利用xp_cmdshell扩展存储程序,此程序允许蠕虫执行任何运行SQL Server
服务的帐号有权执行的操作系统命令。
下列微软网页连接提供了关于如何保护你的SQL Server服务器的有关信息:
http://www.microsoft.com/sql/techinfo/administration/2000/security.asp
http://www.microsoft.com/sql/evaluation/features/security.asp
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
AI Hentai Generator
Generate AI Hentai for free.
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
1385
52
How to solve the problem that Windows 11 prompts you to enter the administrator username and password to continue?
Apr 11, 2024 am 09:10 AM
When using Win11 system, sometimes you will encounter a prompt that requires you to enter the administrator username and password. This article will discuss how to deal with this situation. Method 1: 1. Click [Windows Logo], then press [Shift+Restart] to enter safe mode; or enter safe mode this way: click the Start menu and select Settings. Select "Update and Security"; select "Restart Now" in "Recovery"; after restarting and entering the options, select - Troubleshoot - Advanced Options - Startup Settings -&mdash
How to set router WiFi password using mobile phone (using mobile phone as tool)
Apr 24, 2024 pm 06:04 PM
Wireless networks have become an indispensable part of people's lives in today's digital world. Protecting the security of personal wireless networks is particularly important, however. Setting a strong password is key to ensuring that your WiFi network cannot be hacked by others. To ensure your network security, this article will introduce in detail how to use your mobile phone to change the router WiFi password. 1. Open the router management page - Open the router management page in the mobile browser and enter the router's default IP address. 2. Enter the administrator username and password - To gain access, enter the correct administrator username and password in the login page. 3. Navigate to the wireless settings page - find and click to enter the wireless settings page, in the router management page. 4. Find the current Wi
Tutorial on changing wifi password on mobile phone (simple operation)
Apr 26, 2024 pm 06:25 PM
Wireless networks have become an indispensable part of our lives with the rapid development of the Internet. In order to protect personal information and network security, it is very important to change your wifi password regularly, however. To help you better protect your home network security, this article will introduce you to a detailed tutorial on how to use your mobile phone to change your WiFi password. 1. Understand the importance of WiFi passwords. WiFi passwords are the first line of defense to protect personal information and network security. In the Internet age, understanding its importance can better understand why passwords need to be changed regularly. 2. Confirm that the phone is connected to wifi. First, make sure that the phone is connected to the wifi network whose password you want to change before changing the wifi password. 3. Open the phone’s settings menu and enter the phone’s settings menu.
Microsoft releases Win11 August cumulative update: improving security, optimizing lock screen, etc.
Aug 14, 2024 am 10:39 AM
According to news from this site on August 14, during today’s August Patch Tuesday event day, Microsoft released cumulative updates for Windows 11 systems, including the KB5041585 update for 22H2 and 23H2, and the KB5041592 update for 21H2. After the above-mentioned equipment is installed with the August cumulative update, the version number changes attached to this site are as follows: After the installation of the 21H2 equipment, the version number increased to Build22000.314722H2. After the installation of the equipment, the version number increased to Build22621.403723H2. After the installation of the equipment, the version number increased to Build22631.4037. The main contents of the KB5041585 update for Windows 1121H2 are as follows: Improvement: Improved
Microsoft Edge upgrade: Automatic password saving function banned? ! Users were shocked!
Apr 19, 2024 am 08:13 AM
News on April 18th: Recently, some users of the Microsoft Edge browser using the Canary channel reported that after upgrading to the latest version, they found that the option to automatically save passwords was disabled. After investigation, it was found that this was a minor adjustment after the browser upgrade, rather than a cancellation of functionality. Before using the Edge browser to access a website, users reported that the browser would pop up a window asking if they wanted to save the login password for the website. After choosing to save, Edge will automatically fill in the saved account number and password the next time you log in, providing users with great convenience. But the latest update resembles a tweak, changing the default settings. Users need to choose to save the password and then manually turn on automatic filling of the saved account and password in the settings.
What should I do if my Win10 password does not meet the password policy requirements? What to do if my computer password does not meet the policy requirements?
Jun 25, 2024 pm 04:59 PM
In the Windows 10 system, the password policy is a set of security rules to ensure that the passwords set by users meet certain strength and complexity requirements. If the system prompts that your password does not meet the password policy requirements, it usually means that your password does not meet the requirements set by Microsoft. standards for complexity, length, or character types, so how can this be avoided? Users can directly find the password policy under the local computer policy to perform operations. Let’s take a look below. Solutions that do not comply with password policy specifications: Change the password length: According to the password policy requirements, we can try to increase the length of the password, such as changing the original 6-digit password to 8-digit or longer. Add special characters: Password policies often require special characters such as @, #, $, etc. I
Microsoft's full-screen pop-up urges Windows 10 users to hurry up and upgrade to Windows 11
Jun 06, 2024 am 11:35 AM
According to news on June 3, Microsoft is actively sending full-screen notifications to all Windows 10 users to encourage them to upgrade to the Windows 11 operating system. This move involves devices whose hardware configurations do not support the new system. Since 2015, Windows 10 has occupied nearly 70% of the market share, firmly establishing its dominance as the Windows operating system. However, the market share far exceeds the 82% market share, and the market share far exceeds that of Windows 11, which will be released in 2021. Although Windows 11 has been launched for nearly three years, its market penetration is still slow. Microsoft has announced that it will terminate technical support for Windows 10 after October 14, 2025 in order to focus more on
Microsoft Win11's function of compressing 7z and TAR files has been downgraded from 24H2 to 23H2/22H2 versions
Apr 28, 2024 am 09:19 AM
According to news from this site on April 27, Microsoft released the Windows 11 Build 26100 preview version update to the Canary and Dev channels earlier this month, which is expected to become a candidate RTM version of the Windows 1124H2 update. The main changes in the new version are the file explorer, Copilot integration, editing PNG file metadata, creating TAR and 7z compressed files, etc. @PhantomOfEarth discovered that Microsoft has devolved some functions of the 24H2 version (Germanium) to the 23H2/22H2 (Nickel) version, such as creating TAR and 7z compressed files. As shown in the diagram, Windows 11 will support native creation of TAR
