- Voyager (computer worm)
The Voyager worm is a
computer worm that was posted on the Internet onOctober 31 ,2005 , and is designed to target Oracle databases.Known variants
* First, non-malicious, example
October 31 ,2005
* Second exampleDecember 29 ,2005 which attempts to stop remote Oracle listeners on machines that have not been properly secured.Aliases
Affected platforms
* Any Operating System running
Oracle Database sActions
The October 31 variant has a harmless payload, but could easily be modified.
The December 29, 2005 version attempts to create private database links in affected databases, but the procedure to spread is missing. If activated, it will grant DBA to PUBLIC. An AFTER LOGON trigger may run which performs a Google search for its own code. The worm code tries to mail the username and password hashes to larry@oracle.com and oracle@
. It tricks the listener to reset the password for a well known database user. The clear intention is to increase the chances of successfully creating a private link to the database. * Application Security Inc. (2006). [http://www.appsecinc.com/resources/alerts/oracle/2006-01A.shtml "New Oracle Voyager Worm Variant"] . Retrieved Jan. 11 2006.
Spread
The October 31 variant tries to find other Oracle databases in the same subnet and uses private database links to connect to remote databases. The December 29 variant was posted incomplete, without a spreading mechanism.
Outbreaks
#
October 31 ,2005 – First posted on the Internet
#December 29 .2005 – Malicious variant (incomplete) posted on the InternetExternal links
* [http://www.oracle.com/technology/deploy/security/db_security/index.html Database Security (Oracle Corp)]
* [http://www.oracle.com/technology/deploy/security/pdf/twp_security_checklist_db_database.pdf Security Checklist (Oracle Corp)] (pdf file)
* [http://www.appsecinc.com/resources/alerts/oracle/2006-01A.shtml Voyager worm described] at Application Security Inc.
* [http://www.red-database-security.com/advisory/oracle_worm_voyager.html Analysis Voyager worm] at Red-Database-Security GmbH
Wikimedia Foundation. 2010.