What are the characteristics of a SQL Killer worm attack?
The SQL killer worm attack is characterized by: massive consumption of network bandwidth. The SQL killer worm does not have the ability to destroy files and data. Its main impact is to consume a large amount of network bandwidth resources and paralyze the network.
The characteristics of the SQL killer worm virus are: massive consumption of network bandwidth
"SQL killer" virus (Worm The .SQL.helkerm worm) is an extremely rare worm that has an extremely short virus body but is extremely transmissible. The worm exploits a Microsoft SQL Server 2000 buffer overflow vulnerability to spread.
This virus does not have the ability to destroy files or data. Its main impact is to consume a large amount of network bandwidth resources and paralyze the network.
The worm attacks NT series servers installed with Microsoft SQL. The virus attempts to detect the 1434/udp port of the attacked machine (the default setting of Jiangmin Anti-Black King is to close port 1434, use Jiangmin Anti-Black King users will not be affected by the virus), if the detection is successful, a 376-byte worm code is sent.
1434/udp port is an open port for Microsoft SQL.
This port has a buffer overflow vulnerability on unpatched SQL Server platforms, which allows the worm's subsequent code to have the opportunity to run on the attacked machine and spread further.
The worm invaded the MS SQL Server system and ran in the application process space of the main program sqlservr.exe of MS SQL Server 2000. MS SQL Server 2000 has the highest level System permissions, so the worm also obtained System level permissions.
Attacked system: System without MS SQL Server2000 SP3 installed
Since the worm does not determine whether it has invaded the system, the harm caused by the worm is obvious and cannot be ignored. Failure to attempt an intrusion will cause a denial of service attack, causing the attacked machine to stop service and become paralyzed.
The worm attacks by the buffer overflow vulnerability in sqlsort.dll in the attacked machine and gains control.
Then obtain the GetTickCount function and socket and sendto function addresses from kernel32 and ws2_32.dll respectively.
Then call the gettickcount function, use its return value to generate a random number seed, and use this seed to generate an IP address as the attack object;
Then create a UDP socket and send its own code to The target is the 1434 port of the machine being attacked, and then enters an infinite loop, repeating the above to generate random numbers to calculate the IP address, and launch a series of attack actions.
For more related knowledge, please visit PHP Chinese website! !
The above is the detailed content of What are the characteristics of a SQL Killer worm attack?. For more information, please follow other related articles on the PHP Chinese website!
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
AI Hentai Generator
Generate AI Hentai for free.
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
How to completely remove viruses from mobile phones Recommended methods to deal with viruses in mobile phones
Feb 29, 2024 am 10:52 AM
After a mobile phone is infected with a certain Trojan virus, it cannot be detected and killed by anti-virus software. This principle is just like a computer infected with a stubborn virus. The virus can only be completely removed by formatting the C drive and reinstalling the system. , then I will explain how to completely clean the virus after the mobile phone is infected with a stubborn virus. Method 1: Open the phone and click "Settings" - "Other Settings" - "Restore Phone" to restore the phone to factory settings. Note: Before restoring factory settings, you must back up important data in the phone. The factory settings are equivalent to those of the computer. "It's the same as formatting and reinstalling the system". After the recovery, the data in the phone will be cleared. Method 2 (1) First turn off the phone, then press and hold the "power button" + "volume + button or volume - button" on the phone at the same time.
What should I do if the edge browser detects a virus and cannot download it?
Jan 31, 2024 pm 06:51 PM
What should I do if the edge browser detects a virus and cannot download it? The edge browser is the default browser software for our Microsoft system computers, and it is also a browser software used by many friends. When downloading a file in the edge browser, it will be scanned by the computer's default security protection. If it is determined to be a risky file, it cannot be downloaded normally. If you must download the file, follow the editor to see if it cannot be downloaded. Let’s introduce the solution to the file. What should I do if the edge browser detects a virus and cannot download? 1. Open the edge browser settings and find private search and services - scroll down to find "Security" - turn off Microsoft Defender Smartscreen; 2. Then open our
Detailed explanation of the location of win10 virus isolation
Dec 25, 2023 pm 01:45 PM
Files isolated by Win10 viruses are generally stored in fixed locations. Many users want to open the quarantined files and restore their own files, but they don’t know where they are stored. In fact, they can usually be found in the isolation folder of the C drive security software. Where is the win10 virus quarantine file? Answer: In the C:\ProgramData\Microsoft\WindowsDefender\Quarantine folder, we can open this computer and directly copy and paste the file path to the path bar above to find it. Introduction to the virus isolation folder in win10: 1. In win10, the "Quarantine" file usually requires certain permissions to open. It is recommended to open the file as an administrator. 2,
Windows 10 Home Edition virus and threat protection cannot be restarted
Feb 12, 2024 pm 08:33 PM
Many guys find that viruses and threats cannot be used without protection when using Win10 Home Edition. First, they need to check whether they have been installed, and then they can open the administrator to check. Let’s take a look at the specific operation content. Win10 Home Edition virus and threat protection cannot be restarted: 1. Please confirm whether third-party anti-virus software such as 360, Tencent Computer Manager, etc. is installed on your computer? If such applications exist, please uninstall them, restart the device, and then observe whether the virus and threat protection functions can start normally. 2. Please press the "Windows logo key + X" key combination to start the "Windows PowerShell (Administrator)" environment and execute the following command: regadd"
Exploring Golang programming capabilities: Can it be used to write viruses?
Mar 19, 2024 pm 09:09 PM
With the rapid development of Internet technology, programming languages are also constantly emerging and evolving. Among them, Golang (Go language) has attracted much attention as an efficient and easy-to-use programming language. However, there is some controversy over whether Golang can be used to write viruses. In this article, we will explore Golang’s programming capabilities, explore whether it can be used to write viruses, and give some specific code examples. First, let us briefly introduce Golang. Golang is developed by Google
Let's talk about the security of Golang language: Is it easy to use for virus writing?
Mar 19, 2024 am 11:42 AM
Golang is a programming language developed by Google and is known for its efficient performance and concise syntax. However, like any programming language, Golang’s security is also a concern. This article will discuss the security of the Golang language, focusing on whether it can easily be used for virus writing, and provide specific code examples to illustrate relevant points. First, let's take a look at the features and advantages of the Golang language. Golang has powerful concurrency performance and built-in memory management mechanism,
What are the solutions to folder exe viruses?
Oct 27, 2023 pm 02:03 PM
Solutions to folder exe viruses include using security software, updating the system and software, opening attachments and downloading files with caution, backing up important data, setting up firewalls, cleaning the system regularly, etc. Detailed introduction: 1. Use security software: Install and regularly update trustworthy anti-virus software or security software, such as Tencent Computer Manager, 360 Security Guard, Kingsoft Antivirus, etc., for full scan and real-time protection; 2. Update system and software: Regularly Update operating systems and commonly used software with patches and security updates to fix known vulnerabilities, improve system and software security, and more.
What is anti-virus software
Jan 22, 2021 pm 03:14 PM
Anti-virus software is a type of application software. Application software is software provided to meet the application needs of users in different fields and problems; application software can broaden the application fields of computer systems and amplify the functions of hardware. Anti-virus software is software written in a programming language to eliminate computer viruses.