
CERT® Incident Note IN-2001-13: Kaiten Malicious Code a/k/a W32/Voyager, Voyager Alpha Force, W32/CBlade.Worm, Installed by Exploiting Null Default Passwords in MS-SQL

Release Date: November 27, 2001

Systems Affected:
- Systems running Microsoft SQL Server (MS SQL) or Microsoft SQL 2000 Server (SQL 2000) installed with mixed mode security enabled
- Systems running Microsoft Data Engine (MSDE) installed with mixed mode security enabled
- Systems running Tumbleweed's Secure Mail (MMS) versions 4.3, 4.5, and 4.6

Overview: The CERT/CC has received reports of a new variant of the Kaiten malicious code being installed through exploitation of null default sa passwords in Microsoft SQL Server and Microsoft Data Engine. (Microsoft SQL 2000 Server will allow a null sa password to be used, but this is not default behavior.) Various sources have referred to this malicious code as W32/Voyager, Voyager Alpha Force, and W32/CBlade.worm.

Description: "Kaiten" made its initial appearance in August 2001 and is based on the "Knight" distributed attack tool mentioned in CA-2001-20 Continuing Threats to Home Users.

In reports received by the CERT/CC, installation of "Kaiten" was preceded by scans for hosts listening on 1433/tcp (MS-SQL). The infection process leverages sa accounts with null passwords to gain access to vulnerable systems. It then uses the xp_cmdshell stored procedure to initiate an FTP session from the victim system to a remote site. A copy of "Kaiten" is then downloaded and executed on the victim system.

Once the "Kaiten" code has begun execution on the victim system, it connects to an IRC server (on port 6667/tcp or 6669/tcp, according to reports received by the CERT/CC) to await further commands from the attacker. The attacker can then remotely issue commands to multiple compromised systems simultaneously, allowing compromised hosts to be used as DDoS agents, port scanners, etc. The attacker can also remotely reconfigure "Kaiten" via IRC to modify certain settings, including the IRC servers and channels it connects to.
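The infection chain above (inbound MS-SQL connection, outbound FTP download, outbound IRC command channel) can be correlated from plain connection logs. The following is an added example, not code from the incident note or from CERT/CC; its log format, the 30-minute window, and the addresses are constructed assumptions.

```python
"""Correlate connection-log events for the MS-SQL/Kaiten chain the note describes:
inbound 1433/tcp, then outbound FTP from the same host (the xp_cmdshell download),
then outbound IRC on 6667/tcp or 6669/tcp. Log format and addresses are constructed."""
from collections import defaultdict
from datetime import datetime, timedelta

MSSQL_PORT, FTP_PORT, IRC_PORTS = 1433, 21, {6667, 6669}
WINDOW = timedelta(minutes=30)  # assumption: the three stages follow each other quickly

# Constructed sample log: "<ISO timestamp> <in|out> <local host> <remote host> <remote port>"
SAMPLE_LOG = """\
2001-11-20T02:14:05 in  10.0.0.5 192.0.2.77   1433
2001-11-20T02:14:09 out 10.0.0.5 192.0.2.77   21
2001-11-20T02:14:31 out 10.0.0.5 198.51.100.9 6667
2001-11-20T02:20:00 in  10.0.0.8 192.0.2.77   1433
2001-11-20T09:00:00 out 10.0.0.8 203.0.113.4  6667
2001-11-20T03:00:00 out 10.0.0.9 203.0.113.4  21
"""

def parse_line(line):
    """Split one constructed log line into (time, direction, local, remote, port)."""
    ts, direction, local, remote, port = line.split()
    return datetime.fromisoformat(ts), direction, local, remote, int(port)

def find_infection_chains(lines):
    """Return {host: (mssql_ev, ftp_ev, irc_ev)} for hosts showing all three stages in order."""
    by_host = defaultdict(list)
    for line in lines:
        if line.strip():
            ev = parse_line(line)
            by_host[ev[2]].append(ev)
    flagged = {}
    for host, events in by_host.items():
        events.sort()  # chronological: tuples compare on the timestamp first
        for i, (t0, d0, _, _, p0) in enumerate(events):
            if d0 != "in" or p0 != MSSQL_PORT:
                continue  # only an inbound MS-SQL connection can start the chain
            later = [e for e in events[i + 1:] if e[1] == "out" and e[0] - t0 <= WINDOW]
            ftp = next((e for e in later if e[4] == FTP_PORT), None)
            irc = next((e for e in later if e[4] in IRC_PORTS and ftp and e[0] >= ftp[0]), None)
            if ftp and irc:
                flagged[host] = (events[i], ftp, irc)
                break
    return flagged

if __name__ == "__main__":
    for host, (sql, ftp, irc) in find_infection_chains(SAMPLE_LOG.splitlines()).items():
        print(f"{host}: MS-SQL from {sql[3]} at {sql[0]}, FTP to {ftp[3]}, IRC to {irc[3]}:{irc[4]}")
```

A host that only receives a 1433/tcp scan, or only opens an IRC connection hours later, is not flagged; all three stages must occur in order within the window.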

At least three variants of "Kaiten" have been f

Further White Paper Details
- Publisher: CERT Coordination Center
- File Format: HTML
- Date Published: November 2001
- Downloads: 3
- Format: White Papers
- Topics: N/A
