-It's actually a fairly low threat," John Donovan, managing director of Symantec Asia Pacific told ZDNet Australia. -We've graded it a level 2, with the highest threat being level 5. By contrast, Code Red was a level 4."
-The number of SQL servers is very low, and it's fairly easy to fix, you just have to change the administrator's password so it's not blank," Donovan said. -It's got a fairly limited number of attack points, it's unlikely to spread."
Symantec's site shows less than 50 cases of infections, in stark contrast to the 6,600 being touted in other reports.
The worm infects computers running Microsoft SQL Servers that do not have a patch released by Microsoft in April. In addition, the server must be running under administrative access, but with no password on the administrator account.
The worm then deletes file "%SystemRoot%\system32\msver241.srq" and sends the compromised server IP address to the hacker's e-mail account. It also changes the SQL administrator's password to a set of four random characters and scans for vulnerable servers on port 1433.
-It illustrates that it's important to have good antivirus software, and to ensure that you keep passwords changed regularly," Donovan said.
