New DDoS Tool Spreading by IRC

According to a report by the SecurityFocus team, a new Distributed Denial of Service (DDoS) tool is spreading rapidly across the Internet. The team says that the DDoS tool propagates in ways previously seen only in worms.

The DDoS tool, Voyager Alpha Force, spreads into an unprotected Microsoft SQL Server system by scanning networks for SQL Server systems and trying to access those servers based on a predefined password. According to the team, Voyager Alpha Force appears to be a modified and enhanced version of another DDoS tool, Kaiten. Voyager Alpha Force uses a password-protected Internet Relay Chat (IRC) channel to let an attacker directly control the DDoS tool. The attacker can use the IRC channel to issue commands (such as orders to attack or spread) to agents running on infected systems.

SQL Server users should ensure that they've properly protected their system administrator accounts and ensure that no accounts contain blank passwords. Users should also consider blocking Internet traffic to their SQL Server systems, which typically operates on port 1433.