Dear All
This message to inform you that ....

News Title : A Worm Effecting Microsoft SQL Server & Microsoft MSDE:
News Source: Norton AntiVirus & Microsoft Sites


What is W32.SQLExp.Worm and how does it affect me?
W32.SQLExp.Worm targets systems running Microsoft SQL Server 2000, as well as Microsoft Desktop Engine (MSDE) 2000. The worm sends 376 bytes to UDP port 1434, the SQL Server Resolution Service Port. Symantec Security Response has detected a significant increase in the unique number of source IPs scanning for UDP port 1434.
Symantec Security Response highly recommends all users of either Microsoft SQL Server 2000 or MSDE 2000 audit their machines for the vulnerabilities referred to in Microsoft Security Bulletin MS02-039 and Microsoft Security Bulletin MS02061.

Symantec Security Response also recommends configuring perimeter devices to block UDP traffic to port 1434 from unknown hosts. The worm has the unintended payload of performing a Denial of Service due to the large number of packets it sends out.


What action can I take from here?
Because the worm is only resident in memory, and is not written to disk, it is not detectable using virus definitions.

Symantec Security Response has provided a tool to remove infections of W32.SQLexp.Worm.

Click here to obtain the tool.
http://securityresponse.symantec.com/avcenter/venc/data/w32.sqlexp.worm.removal.tool.html

HTH