SQL Server, the new malware Maggie is infecting hundreds of SQL Servers

Hi guys,

We don’t usually talk about security, but I think it’s a good idea to keep your eyes open and stay informed.

A new malware named Maggie has been found by the Security researchers Johann Aydinbas and Axel Wauer from the DCSO CyTec.

Maggie has already infected over 250 Microsoft SQL servers worldwide although the most infected instances are found in South Korea, India, Vietnam, China, Russia, Thailand, Germany, and finally the United States.

An analysis of this new backdoor revealed that it disguises as an Extended Stored Procedure DLL whoose name is SQLMaggieAntivirus_64.dll dated 2022–04–12. and digitally signed by DEEPSoft Co. Ltd, a company that appears to be based in South Korea.

Maggie introduces a series of commands that an attacker can use to attack a SQL Server istance.

For example Brute-forcing admin passwords can be executed through the commands “SqlScan” and “WinSockScan”.

 

That'all for today!

Stay tuned and have a great week!
Luca


 



















Previous post: Databases and surroundings: Wikidata, SPARQL & Scarlett Johansson



Comments

  1. NeilDecember 25, 2022 at 6:57 PM

    your blog inspired me to create my own https://kaijulabs.blogspot.com, I do malware analysis on the latest threats.

    ReplyDelete

Post a Comment

I Post più popolari

SQL Server, execution plan and the lazy spool (clearly explained)

Image
Hi Guys, Welcome back! In one of the last posts we talked about Table Spool . We had explained what Spool are for by telling the somewhat curious story of the halloween problem . Here we specifically talked about a type of spool called Eager Spool   You can look to the execution plan below where the eager Spool is used to avoid the halloween problem in classic query of the "salary increase".. i suggest Well, if the story of the eager spool intrigued you, today instead we will speak about another type of Spool, the Lazy Spool . The Lazy spool Let's take a small step back. So, what is a Spool operation?  As we have already understood a spool operation is simply a temporary storage of data . Data are read from a source table and stored inside a worktable in the Tempdb database . While an Eager Spool is used to prevent the Halloween problem, the Lazy Spool is instead used to store data that will later be needed again when running a query . So, when a Lazy spool is used?    I
Read more

SQL Server, datetime vs. datetime2

Image
Hi guys, This time, in this post we will speak about datetime and datetime2 datatypes. We will talk about the pros and cons. We will talk about all the differences between the two types of data. Write me in the comments which type of data do you prefer between the two. Enjoy the reading!     Datetime Vs. Datetime2 First of all, it must be said that the datatype datetime is certainly the best known native format for storing a date in SQL Server. However, Microsoft has also been introducing a new type of data for many years now, also used to manage dates. It is in fact from SQL server 2008 that it is present in datetime2 data type. This "new" type of data was born primarily to have higher accuracy . Let's in fact talk about ... precision ! Datetime Certainly the datetime data type is not very precise and certainly there are many cases in which its precision is simply not sufficient. Let's see it with an example. Open the SQL Management studio (SSMS) and write the fo
Read more

How to solve EXECUTE Permission denied on object 'sp_send_dbmail'

Image
Hi guys, Welcome back ! Today a light five minute post to talk about this error: EXECUTE permission denied on object 'sp_send_dbmail', database 'msdb', schema 'dbo'. ..or in italian language: Autorizzazione execute negata per l'oggetto 'sp_send_dbmail' del database 'msdb' con schema 'dbo' The sp_send_dbmail You know that this stored procedure is used to send a mail through SQL server. You know also that this stored procedure is contained into the MSDB system Databases. But if you get the error above? What can you do? How to solve the execute permission denied on sp_send_dbmail You should consider that: Your user must be in the MSDB database.  Your user must be also member of the DatabaseMailUserRole .  You can solve the problem in this way: 1) In the Object Explorer of the SQL Server management Studio, locate the Security / Account menu. Locate your user and do a double click on it. 2) In the opene
Read more