Hacker publishes Oracle proof-of-concept worm

A worm that can attack Oracle databases has been posted to a security-related Internet mailing list.

A worm that can attack Oracle databases has been posted to a security-related Internet mailing list, raising the specter of possible future worms with dangerous payloads.

Code for the worm was posted Monday by an anonymous person on the Full-disclosure mailing list who used the subject line "Trick or treat Larry." It is a "proof of concept" worm with a harmless payload, but similar worms could automatically spread among databases and wreak havoc, security researchers said Wednesday.

"Trick or treat" is the first Oracle worm that security researcher Alexander Kornbrust has seen "in the wild," outside a lab setting. Hackers who target Oracle databases normally aim at a single database and steal information from it, said Kornbrust, of Red-Database-Security GmbH, in Neunkirchen, Germany. A worm could automate the process of getting into many databases within a company or on the Internet, he said. Some enterprises use thousands of Oracle databases.

Two factors limit the size of the worm's threat, according to security analysts. It takes advantage of default passwords provided by Oracle, which users typically replace with their own passwords, though Kornbrust estimates that half of all Oracle shops use a default password on at least one database. In addition, most Oracle databases are not connected directly to the Internet, so an attacker would have to get access to the LAN to release the worm.

To protect themselves against the worm, users should stop using default passwords and also password-protect the "listener" element of the database, a process that is responsible for communication between a user and the database, Kornbrust said. Most users leave this process open without a password, he said.

The "trick or treat" code won't cause any damage, according to analysts. Once it gets into a database, it just creates a new table, called "x." But greater threats could be on the way.

"As always, it's possible to change the payload and do more dangerous things, like modifying data, deleting data, or stealing data," Kornbrust said. He doubts a future attacker would use the very same code, but thinks an Oracle database worm would not be particularly hard to write.

If a worm could successfully spread using default passwords, the next thing to worry about would be one that includes "dictionary" attack code to figure out passwords, said David Kennedy, senior security analyst at Cybertrust. A "dictionary" attack tests words from the dictionary as possible passwords. Fortunately, most administrators of valuable Oracle databases don't use the kinds of simple passwords that could be easily found by this kind of attack, he said.

"If I was responsible for a valuable Oracle installation, I'd already be thinking about that kind of problem," Kennedy said. "This is one of those things that (Oracle administrators) would have already architected against."

One reason database worms are rare may be that they are not good tools for stealing data, Red Database's Kornbrust said. However, analysts said a worm that could rapidly go from one database to another could cause problems by erasing or changing data. For example, an attacker could unleash a worm on a company and change the information in its databases, then extort money from the company for a remedy that would bring back the correct information, Kornbrust said.

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Stephen Lawson

IDG News Service
Show Comments

Cool Tech

Toys for Boys

Family Friendly

Stocking Stuffer

SmartLens - Clip on Phone Camera Lens Set of 3

Learn more >

Christmas Gift Guide

Click for more ›

Brand Post

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Aysha Strobbe

Microsoft Office 365/HP Spectre x360

Microsoft Office continues to make a student’s life that little bit easier by offering reliable, easy to use, time-saving functionality, while continuing to develop new features that further enhance what is already a formidable collection of applications

Michael Hargreaves

Microsoft Office 365/Dell XPS 15 2-in-1

I’d recommend a Dell XPS 15 2-in-1 and the new Windows 10 to anyone who needs to get serious work done (before you kick back on your couch with your favourite Netflix show.)

Maryellen Rose George

Brother PT-P750W

It’s useful for office tasks as well as pragmatic labelling of equipment and storage – just don’t get too excited and label everything in sight!

Cathy Giles

Brother MFC-L8900CDW

The Brother MFC-L8900CDW is an absolute stand out. I struggle to fault it.

Luke Hill

MSI GT75 TITAN

I need power and lots of it. As a Front End Web developer anything less just won’t cut it which is why the MSI GT75 is an outstanding laptop for me. It’s a sleek and futuristic looking, high quality, beast that has a touch of sci-fi flare about it.

Emily Tyson

MSI GE63 Raider

If you’re looking to invest in your next work horse laptop for work or home use, you can’t go wrong with the MSI GE63.

Featured Content

Product Launch Showcase

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?