Phatbot Worm May Be Attacking SQL Server Ports

A new variant of the Phatbot worm appears to be loose on the Internet, attacking SQL Server ports, the SANS Institute reported Monday.

April 19, 2004

1 Min Read
Network Computing logo

A new variant of the Phatbot worm appears to be loose on the Internet, attacking SQL Server ports, the SANS Institute reported Monday.

Phatbot, which first appeared on the Internet last month, is planted on a Windows system and controlled by attackers through peer-to-peer file-sharing technology. Once installed on vulnerable systems, the worm has the capability to change itself to avoid and shut down anti-virus software, steal Windows software license keys, lift user names and passwords, and kill other worms and viruses.

The new variant probes transmission control protocol (TCP) ports 2745, 1025, 3127, 6129, 5000, 80 and 1433, as well as Microsoft's NetBIOS, the SANS Institute said in its warning. The malware apparently tries "to break SQL Server ports as well as the other vulnerabilities already exploited."

SANS, a security research and education group, is attempting to capture an executable file for the Phatbot variant for further analysis.

SUBSCRIBE TO OUR NEWSLETTER
Stay informed! Sign up to get expert advice and insight delivered direct to your inbox

You May Also Like


More Insights