[unisog] udp port 1434 worm?

Phil.Rodrigues at uconn.edu
Sat Jan 25 15:39:12 GMT 2003

We had 10-ish systems compromised so far, and their outbound scanning 
traffic was enough to nearly cripple our outbound Internet link.

First write-up I've seen on "MS Sapphire":  (named after the gin, which 
coincidentally I also had too many of last night)



Philip A. Rodrigues
Network Analyst, UITS
University of Connecticut

email: phil.rodrigues at uconn.edu
phone: 860.486.3743
fax: 860.486.6580
web: http://www.security.uconn.edu

Rich Graves <rcgraves at brandeis.edu>
01/25/2003 02:41 AM

        To:     unisog at sans.org
        Subject:        [unisog] udp port 1434 worm?

anyone isolated it yet? we've yanked a half dozen machines in the last 2
hours. all seem to be windoze, possibly related to ms-sql server.

given the unusual lag we're seeing on internet2 i'm assuming this is a
shared experience.

Rich Graves <rcgraves at brandeis.edu>
UNet Systems Administrator
