Has your SQL Server been acting up lately? No, I'm not referring to the typical database and operating system issues we all must endure. Rather, are you experiencing server sluggishness, erratic behavior, heavy network traffic, or an increase in server processor or memory utilization? Well, don't rule out a Trojan horse on your system. SQL Servers, like most other computers in your environment, are likely used to access the Internet and download and install software. These and other obvious stuff we do on a daily basis can provide a path for Trojan software to be installed. It may seem odd, but it's easy as pie for a server to become infected with malware – especially if it's not protected in the same ways as your end user systems.
When you come across strange things happening on your database server and before you spend countless hours trying to troubleshoot an application or database problem, run the following tests to rule out a Trojan infection.
Test for a Trojan horse on your SQL Server
Step 1: Scan your SQL Server for malware
Step 2: Look in the memory
Step 3: Look at open ports
Step 4: Peek into your network traffic
Step 5: Approach with a malicious mindset
ABOUT THE AUTHOR:
Kevin Beaver is an independent information security consultant and expert witness with Atlanta-based Principle Logic, LLC . He has more than 18 years of experience in IT and specializes in performing information security assessments revolving around compliance and IT governance. Kevin has authored/co-authored six books, including Hacking Wireless Networks For Dummies, and Securing the Mobile Enterprise For Dummies (all by Wiley), as well as The Practical Guide to HIPAA Privacy and Security Compliance (Auerbach).
More information from SearchSQLServer.com
- Tip: Discover and lock down vulnerable SQL Server services
- Guide: SQL Server tools
- Learning Center: Top 10 SQL Server security tips
This was first published in October 2006