This is a network worm discovered in November 2001. It attacks
servers running various versions of Microsoft SQL Server software.
By connecting to the SQL server via port 1433, the worm exploits
known security holes to gain access to a DOS prompt. After this
the worm ftps binary files from a fixed host and executes them
to spread further.
The sites that hosted the carrier binary files have been taken
down. In effect this stops the worm from spreading. This worm
is not expected to cause further problems.
[November 24, 2001; Mikko Hypponen, F-Secure Corp]
![](/images/pixel.gif"){kind=tracking}
