- Unusually high outgoing traffic from an infected system to the port 1434 UDP. This worm does not exist as a file on your system. No INI or registry keys are created by this worm. The MD5 checksum of the worm (376 bytes) is A0AA4A74B70CBCA5A03960DF1A3DC878.
- The malformed packet is only 376 bytes long (which is the full worm!) and carries the following strings: "h.dllhel32hkernQhounthickChGetTf", "hws2", "Qhsockf" and "toQhsend".
This virus exists only in memory of unpatched Microsoft SQL servers. Its purpose is simply to spread from one system to another and it does not carry a destructive payload.
This worm causes increased traffic on UDP port 1434 and spreads between SQL servers. Heavy network traffic, associated with this threat, can affect network performance on all systems on the network.
The worm body starts with byte 04 (followed by a long series of 01s) which when received by the SQL Monitor generates a long registry key name overflowing the buffer. That overwrites the return address on stack and the worm code receives control with the privileges of the SQL Monitor.
SFTP stands for Secure File Transfer Protocol. It is now the standard file transfer protocol on Eden and RCI. SFTP gives users a scure way to FTP files across the internet. SFTP is usually installed when SSH is installed on a GNU Linux/UNIX machine.
SFTP is now the standard file transfer protocol on Eden and RCI. You can obtain a graphical SFTP client by following the steps below:
1) Go to software.rutgers.edu
2) Log in using your Rutgers Netid and password.
To use VPN at Rutgers, the software needed to use the VPN is the Juniper VPN client. It is also available for most other operating systems and can be downloaded from http://software.rutgers.edu/product/3085. All documentation about how to set up VPN on your computer can be found at:
Still have a question?
Didn't find what you were looking for? Do you still have a question you need an answer to? Just click here to send us a message, and a memeber of our staff will contact you shortly.