Aliases: W32/SQL 
Variants: N/A

Classification: Malware
Category: Computer Worm

Status: dormant
Spreading: slow
Geographical info: Europe, North and South America, and some parts of Asia and Australia
Removal: Easy
Platform: W32
Discovered: 21 Nov 2000
Damage: Low

Characteristics: W32.Cblade.Worm is a Microsoft SQL Server written worm which infects only computers installed SQL Server. Contamination is minimal since it requires a SQL Server and a no password policy for administration account in order for it to spread and run into your computer.

More details about W32.Cblade.Worm

The program allegedly connects to a website to access a script which allows it to update itself. Parameters passed to this script include the country and time zone of the infected system. It is assumed that the program does this so that possible denial of service attacks can be initiated on a synchronized basis. The program is considered a risk as it all installs without the user’s knowledge. It also utilizes security exploits to allow a remote user to take control of the affected system. The remote user may then install additional questionable applications that may compromise the system. The system may also be used as a zombie computer or a part of a botnet.

This program can be used to participate in denial of service attacks or to transmit sensitive information. An infected computer is expected to perform slower than usual. The computer’s internet connection may also suffer due to the bandwidth consumed by the program. Unusual connections are also logged at the TCP ports.