Voyager (computer worm)

The Voyager worm is a computer worm that was posted on the Internet on October 31, 2005, and is designed to target Oracle Databases.


Known variants

* First, non-malicious, example: October 31, 2005.
* Second example: December 29, 2005; attempts to stop remote Oracle listeners on machines that have not been properly secured.


Affected platforms

* Any operating system running Oracle Databases


Actions

The October 31 variant has a harmless payload, but could easily be modified. The December 29, 2005 version attempts to create private database links in affected databases, but the procedure to spread is missing. If activated, it will grant DBA to PUBLIC. An AFTER LOGON trigger may run, which performs a Google search for its own code. The worm code tries to mail the username and password hashes to larry@oracle.com and oracle@. It tricks the user into resetting the password for a well-known database user. The clear intention is to increase the chances of successfully creating a private link to the database. (Application Security Inc., "New Oracle Voyager Worm Variant", http://www.appsecinc.com/resources/alerts/oracle/2006-01A.shtml, accessed January 11, 2006; archived 2012-11-30 at https://web.archive.org/web/20121130054308/http://www.appsecinc.com/resources/alerts/oracle/2006-01A.shtml)
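As an added example (not part of the original article), the following Oracle SQL audits a database for the three artefacts described above: the DBA role granted to PUBLIC, AFTER LOGON triggers, and private database links. It assumes a session that can read the DBA_ROLE_PRIVS, DBA_TRIGGERS and DBA_DB_LINKS data dictionary views.

```sql
-- Added audit example, not code from the original page.
-- Assumption: the session has SELECT access to the DBA_* dictionary views.

-- 1. Has the DBA role been granted to PUBLIC? Any row returned is a finding,
--    because every account in the database would then hold DBA.
SELECT grantee, granted_role, admin_option
  FROM dba_role_privs
 WHERE grantee = 'PUBLIC'
   AND granted_role = 'DBA';

-- 2. AFTER LOGON triggers at database or schema level, with owner and status.
--    Compare each row against the logon triggers you deployed yourself.
--    LIKE is used because the event column can carry trailing whitespace.
SELECT owner, trigger_name, base_object_type, status
  FROM dba_triggers
 WHERE trigger_type = 'AFTER EVENT'
   AND triggering_event LIKE '%LOGON%'
 ORDER BY owner, trigger_name;

-- 3. Private database links (owned by a schema rather than PUBLIC),
--    newest first, so recently created links stand out.
SELECT owner, db_link, username, host, created
  FROM dba_db_links
 WHERE owner <> 'PUBLIC'
 ORDER BY created DESC;

-- Remediation for finding 1, once the grant is confirmed to be unintended:
-- REVOKE DBA FROM PUBLIC;
```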


Spread

The October 31 variant tries to find other Oracle databases in the same subnet and uses private database links to connect to remote databases. The December 29 variant was posted incomplete, without a spreading mechanism.


Outbreaks

# October 31, 2005 – First posted on the Internet
# December 29, 2005 – Malicious variant (incomplete) posted on the Internet


External links


* Database Security (Oracle Corp)
* Security Checklist (Oracle Corp) (PDF file)
* Voyager worm described at Application Security Inc.
* at Red-Database-Security GmbH