Virus Alert: Voyager worm hybrid spells trouble

NEWS Security Focus has identified a hybrid distributed denial of service (DDoS) tool that features some of the self-propagating techniques previously seen only in worms. The security group said the Voyager Alpha Force tool, which is similar to the well-known DDoS tool Kaiten, is spreading rapidly on the internet. The company said in a statement: "Security Focus ARIS Incident Analysts identified a rapidly growing network of controlled agents or "bots", increasing 600 per cent in the last six hours, which can be used to launch a DDoS attack." The tool is propagated through incorrectly configured Microsoft SQL server systems by scanning the system administrator accounts for a specified password. The Voyager Alpha Force tool can be used to control a large number of agents residing on compromised hosts by issuing commands that would start the DDoS attack, or by causing the program to continue propagating. Security Focus has issued the following advice to administrators worrying about the tool:
1. Verify that the System Administrator "sa" account does not exist.
2. Do not have a blank password if running Microsoft SQL server.
3. Use a firewall to block port 1433.