SQLExp makes use of a known security vulnerability in Microsoft SQL Server 2000 and MSDE 2000. Appropriately fabricated UDP packets can force SQL Server to run arbitrary code. The worm uses this buffer overflow to activate on target systems. After activation the worm sends itself in an endless loop to randomly selected IP addresses. The only malicious effect of the worm is the network load generated by the outgoing packets.
Due to its special mechanism the worm does not save itself to infected computers. It can only be found in the memory of affected systems or as UDP packets running through the Internet. SQLExp does not affect home users; only systems running MS SQL Server 2000 are affected.
The removal of the worm can be accomplished by installing the security patch described in security bulletin MS02-039 or SQL 2000 Service Pack 3 and restarting the SQL server.
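
Because the worm exists only in memory and in its outgoing UDP packets, an infected server is easiest to spot from network flow records. The following is an added example, not part of the original description: it flags any source that sends UDP to many distinct addresses within a short interval. The flow-record format, the thresholds and the sample addresses are constructed, and port 1434 (the SQL Server Resolution Service port) is an assumption that the description above does not state.

```python
from collections import defaultdict

def build_sample():
    """Constructed flow records: 'epoch src dst proto dport' (not real traffic)."""
    lines = []
    # Infected server: 40 distinct destinations within two seconds.
    for i in range(40):
        lines.append(f"{1000 + i // 20} 10.0.0.5 203.0.113.{i + 1} udp 1434")
    # Ordinary client querying a single SQL server.
    for i in range(3):
        lines.append(f"{1000 + i} 10.0.0.9 10.0.0.20 udp 1434")
    # Busy DNS resolver: many destinations, but a different port.
    for i in range(30):
        lines.append(f"1001 10.0.0.53 192.0.2.{i + 1} udp 53")
    return "\n".join(lines)

def parse_flows(text):
    """Yield (ts, src, dst, proto, dport) tuples, skipping malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5 or not parts[0].isdigit() or not parts[4].isdigit():
            continue
        yield int(parts[0]), parts[1], parts[2], parts[3].lower(), int(parts[4])

def find_scanners(flows, port=1434, window=10, min_dests=20):
    """Map each flagged source to its highest distinct-destination count
    seen in any fixed `window`-second bucket of UDP traffic to `port`."""
    buckets = defaultdict(set)
    for ts, src, dst, proto, dport in flows:
        if proto == "udp" and dport == port:
            buckets[(src, ts // window)].add(dst)
    hits = {}
    for (src, _), dests in buckets.items():
        if len(dests) >= min_dests:
            hits[src] = max(hits.get(src, 0), len(dests))
    return hits

if __name__ == "__main__":
    for src, count in find_scanners(parse_flows(build_sample())).items():
        print(f"{src}: {count} distinct UDP/1434 destinations in one window")
```

A flagged host should be patched and its SQL Server restarted as described above, since the worm leaves no file on disk to scan for.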