Friday, November 04, 2005

Oracles first worm

As a sure sign that hackers have spread out from targeting Microsoft all the time, a worm that can attack Oracle databases has been posted to a security-related Internet mailing list, raising the specter of possible future worms laden with dangerous payloads.

An anonymous person who used the subject line "Trick or treat Larry" posted code for the worm on the Full-disclosure mailing list earlier this week. The "proof of concept" worm carries a harmless payload, but similar worms could automatically spread among databases and wreak havoc, security researchers said Wednesday. Hackers who target Oracle databases normally aim at a single database and steal information from it. A worm could automate the process of getting into many databases within a company or on the Internet. Some enterprises use thousands of Oracle databases. Recently, Oracle has reached out to smaller businesses with lower-end versions of its database.

Two factors limit the magnitude of the worm's threat, according to security analysts. First, it exploits Oracle's default passwords, which users typically replace with their own passwords--though analysts estimates that half of all Oracle shops use a default password on at least one database. In addition, most Oracle databases aren't connected directly to the Internet, so an attacker would have to gain access to the LAN to release the worm.

CATEGORIES: 1Database, 1worms, 1first
Rate this post: (Provided by NewsGator)

0 Comments:

Post a Comment

<< Home