'Spida' Worm Targets Microsoft SQL Servers


Security firms Tuesday warned of a new Internet worm targeting Microsoft SQL servers.

Dubbed "Spida," the worm tries to compromise servers running Microsoft SQL Server software using the default SQL administrator account, "SA," and a blank password, according to an alert issued by Internet Security Systems' X-Force research team.

Spida is not destructive to the system it infects but can generate a damaging amount of network traffic as it scans for more targets, X-Force said. On Tuesday, it had "created large amounts of Internet traffic as well as millions of TCP/IP probes," the researchers said.

Riptech, a managed security provider, said its Security Operations Centers had seen "more than 100-fold increase in the number of unique attacking Internet Protocol (IP) addresses targeting Microsoft SQL servers" in the past 24 hours.

After Spida finds a vulnerable server and infects it, the worm sends its configuration and password information to an external host and begins scanning for new targets, according to X-Force.

Antivirus vendors Symantec and Trend Micro both rated the worm as low risk.