Setting up a Microsoft SQL server with a stupid simple password like sa for the sa user is hard. First of all, Microsoft implemented a default password policy that you need to disable. And then, when you finally Googled your way through how to disable it width:300px” />
A little bit odd is the distribution in TTLs. I am still trying to see if this is just an artifact in how I collected the data. Since MSSQL typically runs on Windows, I would expect the scans to originate from Windows systems that got compromised by this bot/worm. But instead, the majority of TTLs are just short of 255. So not even the Unix standard width:300px” />
—
Johannes B. Ullrich, Ph.D. , Dean of Research, SANS Technology Institute
STI|Twitter|
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.