Exploit-SQLhuc

This page shows the details and results of our analysis of the malware Exploit-SQLhuc.

Overview


Minimum DAT: 4236 (2002-12-04)
Updated DAT: 4406 (2004-11-10)
Minimum Engine: 5.1.00
File Length: varies
Description Added: 2003-02-04
Description Modified: 2003-02-04

Malware Proliferation

Characteristics

This detection is for malware applications which exploit the 'SQL Server UDP Buffer Overflow Remote Exploit' vulnerability. Read more about this vulnerability in Microsoft Security Bulletin MS02-039.

It can be used to send a UDP packet (494 bytes) to port 1434 of remote vulnerable machines. It has been used in conjunction with a distributed denial of service IRC bot detected as DDoS-SQLhuc.

Multiple versions of this malware are covered by this detection (the source code is publicly available). Later variants require more recent DATs for detection.
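A network-side check for the traffic described above, as an added example that is not part of the original description or of any vendor tooling: it parses raw IPv4 packets and flags UDP datagrams sent to port 1434 whose payload is far larger than expected. The 64-byte threshold, the reading of 494 bytes as payload size, the function names and the sample packets are assumptions constructed for illustration.

```python
import struct

SSRP_PORT = 1434           # UDP port named on the page
MAX_EXPECTED_PAYLOAD = 64  # assumption: tune to the request sizes normal on your network

def build_ipv4_udp(src, dst, sport, dport, payload):
    """Build a constructed IPv4+UDP packet (checksums left at zero) as sample input."""
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    addr = lambda a: bytes(int(part) for part in a.split("."))
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     addr(src), addr(dst))
    return ip + udp

def inspect(packet):
    """Return a finding dict for UDP datagrams sent to port 1434, else None."""
    if len(packet) < 20 or packet[0] >> 4 != 4 or packet[9] != 17:
        return None                      # not IPv4/UDP, or too short to tell
    ihl = (packet[0] & 0x0F) * 4         # IP header length varies with options
    if ihl < 20 or len(packet) < ihl + 8:
        return None                      # truncated capture or bad header length
    if struct.unpack("!H", packet[6:8])[0] & 0x1FFF:
        return None                      # later fragment: carries no UDP header
    sport, dport, udp_len, _ = struct.unpack("!HHHH", packet[ihl:ihl + 8])
    if dport != SSRP_PORT or udp_len < 8:
        return None
    payload_len = min(udp_len - 8, len(packet) - ihl - 8)
    return {
        "src": ".".join(str(b) for b in packet[12:16]),
        "dst": ".".join(str(b) for b in packet[16:20]),
        "payload_len": payload_len,
        "oversized": payload_len > MAX_EXPECTED_PAYLOAD,
    }

# Constructed sample traffic (documentation addresses, zero-filled payloads).
SAMPLES = [
    build_ipv4_udp("192.0.2.10", "198.51.100.5", 40000, 1434, b"\x00"),
    build_ipv4_udp("192.0.2.66", "198.51.100.5", 40001, 1434, b"\x00" * 494),
    build_ipv4_udp("192.0.2.10", "198.51.100.5", 40002, 53, b"\x00" * 494),
    build_ipv4_udp("192.0.2.66", "198.51.100.5", 40003, 1434, b"\x00" * 494)[:24],
]

def alerts(packets):
    """Keep only the findings whose payload exceeds the expected size."""
    return [f for f in map(inspect, packets) if f and f["oversized"]]

if __name__ == "__main__":
    for finding in alerts(SAMPLES):
        print(finding)
```

Size alone is a coarse signal; it is most useful at a perimeter where UDP 1434 should not be reachable from untrusted networks at all.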

Symptoms

Method of Infection

This application exploits a vulnerability in SQL servers.

Removal

All Users:
Use the specified engine and DAT files for detection and removal.

Additional Windows ME/XP removal considerations

Variants