A malicious code capable of exploiting security vulnerabilities and causing severe damage to Oracle database software has been modified and widely redistributed on the Internet, ringing alarm bells about a new wave of attacks.
Just two months after an anonymous researcher first published an example of a computer worm exploiting vulnerabilities in Oracle database software, this malicious code has been studied, enhanced, and redistributed through the Full Disclosure mailing list. This marks yet another technique for attacking this database system.
However, Alexander Kornbrust, CEO of database security firm GmbH, believes that, “These types of attack methods are still largely theoretical, and I do not think database applications are at risk from such threats. If you are managing a large company with hundreds of valuable databases, this code is indeed a destroyer. This malware could very well be developed into a complete worm. Caution is probably the best course of action.”
Kornbrust, a well-known expert in security research on Oracle products, claims that he has also developed an effective attack method using default usernames and passwords in Oracle databases.
Aaron Newman, a senior technology engineer at Application Security Inc., describes this new code as “much more advanced” than the previous version. “However, it still lacks practical applicability for widespread distribution, despite its potential.”
Kornbrust advises database administrators to be cautious in the face of threats from vulnerabilities in workstations combined with dangerous code exploiting Oracle security flaws. “A successful attack could target database applications through a Windows vulnerability, gaining system access to use Oracle worms to cause serious damage.”
