TrendLabs has received a number of reports from two major companies describing attacks via port 1434 that are attributed to this malware. This DDoS attack uses a vulnerability that allows remote attackers to create a denial of service condition between two Microsoft SQL servers. It affects systems running Microsoft SQL Server 2000.

For more information on DDOS_SQLP1434.A please visit our Web site at:
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName

Thanks,

Stephen L. Swick
Team Lead
Risk Management - Information Security
American Electric Power
614-324-3929
SLSwickat_private


"Dmitri Smirnov" <Dmitri.Smirnov@fusepoint.com>
01/25/2003 02:05 AM
To: <incidentsat_private>
cc:
Subject: Increased activity on UDP/1434

Having a big number of connections on UDP/1434 from random IPs on the Internet on different networks.

One hour ago (22:00 PST) one server in colo space started to initiate hundreds of connections per second to diff. hosts on the Internet to port UDP/1434 (isolated).

New worms? DDoS? Is anyone experiencing the same?

Dmitri Smirnov, SSCP
Security Team
Fusepoint Managed Services Inc.
Suite 2323, Three Bentall Centre
595 Burrard Street
P.O. Box 49336
Vancouver B.C. V7X 1L4
Phone: (604) 687-7757
Fax: (604) 687-7761
Email: Dmitri.Smirnovat_private

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Sun Jan 26 2003 - 20:21:47 PST