[Dshield] SQLSnake

Kelly Martin kmartin at pyrzqxgl.org
Tue Jul 9 19:19:39 GMT 2002


IIRC, SQLSnake changes the sa password on the target machine as part of the
insinuation process, so once a machine has been infected it's not possible
to infect it again or target it without knowledge of the new password.

Kelly
----- Original Message -----
From: "Jon R. Kibler" <Jon.Kibler at aset.com>
To: <list at dshield.org>
Sent: Tuesday, July 09, 2002 2:03 PM
Subject: [Dshield] SQLSnake


> To All:
>
> It amazes me how many times each day we are still getting hit with
> SQLsnake probes. Given the nature of this worm -- as I understand it, it
> exploits the lack of a password on a server admin account -- I would think
> that someone would have developed a 'snake killer' that would simply shut
> down the infected system. That is, the program would also take advantage of
> the lack of proper passwords to issue the command(s) to shut down the
> server.
>
> Is this indeed possible? (If not, what am I missing?) Has such a program
> been developed and from where is it available?
> Thanks!
>
> Jon R. Kibler
> Advanced Systems Engineering Technology, Inc.
> Mt. Pleasant, SC (Charleston) USA