[ISN] Tool: Sapphire SQL Worm Scanner

From: InfoSec News (isnat_private)
Date: Mon Jan 27 2003 - 03:01:04 PST

  • Next message: InfoSec News: "[ISN] Virus attack reveals flaw in network security strategies"

    Forwarded from: "Marc Maiffret" <marcat_private>
    We had a lot of requests to put together a quick free scanner, like
    we've done in the past, for this SQL worm.
    This is the first version and it is bound to have bugs. Feel free to
    email me any issues directly and we can work on them.
    The scanner is non-intrusive, wont crash your servers, in identifying
    vulnerable systems. It WILL NOT identify already infected systems.
    Because of the nature of the worm it keeps any valid data from getting
    to the victim system. We suggest using sniffers and IDS's to determine
    already infected machines.
    You can download the scanner from:
    For more details about the Sapphire SQL Worm:
    If you have any questions or comments feel free to mail me directly.
    As we find bugs and make improvements the changes will be reflected on
    our website. So go there for the latest ... that way we don't have to
    flood this list with email.
    Thanks to NGSSoftware (http://www.nextgenss.com/) for discovering the
    flaw the SQL worm uses and for publishing a technical write up which
    made this scanner possible. Once again illustrating that details ARE
    needed to help the good guys.
    Marc Maiffret
    Chief Hacking Officer
    eEye Digital Security
    http://eEye.com/Retina - Network Security Scanner
    http://eEye.com/Iris - Network Traffic Analyzer
    http://eEye.com/SecureIIS - Stop known and unknown IIS vulnerabilities
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.

    This archive was generated by hypermail 2b30 : Mon Jan 27 2003 - 05:47:05 PST