Speaking Of Worms
Following up on Chris’s worm post, Red Database Security has an advisory on an Oracle worm.
On 31-october 2005 an anonymous poster (oracleworm@hushmail.com) released a proof-of-concept PL/SQL source code of an Oracle worm on the full disclosure mailing list. The worm is using the utl_tcp package to find other Oracle databases in the same subnet and uses private database links to connect to remote databases. The payload is harmless (creation of table called x in the remote database) but can be changed easily.
(Thanks, Arthur!)
testing