A worm, code-named "Voyager Alpha Force," that takes
advantage of blank SQL Server system administrator (sa) passwords has been found on the Internet. The worm looks for a
server that is running SQL Server by scanning for port 1433. Port 1433 is the
SQL Server default port. If the worm finds a server, it tries to log in to the
default instance of that SQL Server with a blank (NULL) sa
password.
If the login is successful, it broadcasts the
address of the unprotected SQL Server on an Internet Relay Chat (IRC) channel,
and then tries to load and run an executable file from an FTP site in the
Philippines. Logging in to SQL Server as sa gives the user administrative access to the computer, and
depending on your particular environment, possibly access to other computers.
Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.