Oracle worm mutations

Source: Internet
Author: User

A variant of the recently discovered Oracle Voyager worm, with greater destructive power, has been posted to a popular security mailing list.

This new variant has access permissions to public database user accounts but still lacks a mechanism to replicate itself, Oracle security expert Pete Finnigan wrote in his blog.

"This new Oracle Voyager worm variant is written in PL/SQL and uses some key built-in packages that are commonly used by people like me to revoke public account access permissions, for example, UTL_HTTP, UTL_TCP, and UTL_SMTP," Finnigan said. "This is a good piece of advice. Believe me!"

However, to date no Oracle users have been attacked by such worms, the report said.

The first version of the Voyager worm appeared on the mailing list about two months ago. Experts explained that these worms use the UTL_TCP package to scan for remote databases on the same network, connect to one of them to retrieve its SID, and then try to log on with several common user names and passwords.

After the first worm appeared, the SANS Internet Storm Center in Bethesda, Maryland, recommended the following steps to guard against it and against further variants:

Change the Oracle listener's default port, TCP/1521 (and set a listener password while you are at it).

Delete or lock default user accounts wherever possible. Make sure that no default account still uses its default password.

Revoke the PUBLIC privileges on the UTL_TCP and UTL_INADDR packages.

Revoke the CREATE DATABASE LINK privilege from users who do not need to link to remote databases, including from the CONNECT role.
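
The account, package and database-link steps above can be audited and applied from a DBA session, as in the following added example (it is not from the original article or from SANS). The account SCOTT and the schema APP_OWNER are placeholders, and DBA_USERS_WITH_DEFPWD assumes Oracle 11g or later; the listener port and password are set in the listener configuration, not in SQL.

```sql
-- 1. Which of the packages named in the article can PUBLIC still execute?
SELECT owner, table_name, privilege
FROM   dba_tab_privs
WHERE  grantee    = 'PUBLIC'
AND    privilege  = 'EXECUTE'
AND    table_name IN ('UTL_TCP', 'UTL_INADDR', 'UTL_HTTP', 'UTL_SMTP');

-- 2. Before revoking, list non-SYS objects that reference the packages.
--    Code that reaches them only through the PUBLIC grant will go INVALID,
--    so its owner needs a direct grant first.
SELECT owner, name, type, referenced_name
FROM   dba_dependencies
WHERE  referenced_name IN ('UTL_TCP', 'UTL_INADDR')
AND    referenced_type IN ('PACKAGE', 'SYNONYM')
AND    owner NOT IN ('SYS', 'PUBLIC')
ORDER  BY owner, name;

-- 3. Grant directly where step 2 shows a real need, then revoke from PUBLIC.
-- GRANT EXECUTE ON sys.utl_tcp TO app_owner;   -- APP_OWNER is hypothetical
REVOKE EXECUTE ON sys.utl_tcp    FROM PUBLIC;
REVOKE EXECUTE ON sys.utl_inaddr FROM PUBLIC;

-- 4. Who holds CREATE DATABASE LINK, directly or through a role?
SELECT grantee, privilege
FROM   dba_sys_privs
WHERE  privilege = 'CREATE DATABASE LINK'
ORDER  BY grantee;

-- Run only if step 4 lists CONNECT; otherwise the REVOKE raises ORA-01952.
REVOKE CREATE DATABASE LINK FROM connect;

-- 5. Accounts that are open, and accounts still on a default password.
SELECT username, account_status
FROM   dba_users
WHERE  account_status = 'OPEN'
ORDER  BY username;

SELECT username FROM dba_users_with_defpwd;     -- 11g and later

-- Lock and expire a default account that is not needed (placeholder name).
ALTER USER scott ACCOUNT LOCK PASSWORD EXPIRE;
```

Re-run query 1 afterwards and check for invalid objects before closing the change.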
