Fandom

Malware Wiki

Voyager

1,345pages on
this wiki
Add New Page
Comments0 Share
Smallwikipedialogo
Most of this page uses content from Wikipedia. The original article was at Voyager(computer worm). The page may have contained some inaccurate or outdated information, so please edit it so it contains better information.
The list of authors can be seen in the page history. As with Malware Wiki, the text of Wikipedia is available under the Creative Common Attribution-ShareAlike 3.0 License.
Remove this template when most of the Wikipedia content has been removed or the Wikipedia information is outnumbered by non-Wikipedia information.
The Voyager worm is a worm that was posted on the Internet on October 31, 2005, and is designed to target Oracle databases.

Known variants First, non-malicious, example October 31, 2005.

Second example December 29, 2005, which attempts to stop remote Oracle listeners on machines that have not been properly secured.

Affected platforms Any Operating System running Oracle Databases.

Actions

The October 31 variant has a harmless payload, but could easily be modified.

The December 29, 2005 version attempts to create private database links in affected databases, but the procedure to spread is missing. If activated, it will grant DBA to PUBLIC. An AFTER LOGON trigger may run which performs a Google search for its own code. The worm code tries to mail the username and password hashes to larry@oracle.com and <random oracle@<random ip>. It tricks the listener to reset the password for a well known database user. The clear intention is to increase the chances of successfully creating a private link to the database.

Spread

The October 31 variant tries to find other Oracle databases in the same subnet and uses private database links to connect to remote databases. The December 29 variant was posted incomplete, without a spreading mechanism.

Outbreaks# October 31, 2005 – First posted on the Internet
# December 29, 2005 – Malicious variant (incomplete) posted on the Internet

 External links

Ad blocker interference detected!


Wikia is a free-to-use site that makes money from advertising. We have a modified experience for viewers using ad blockers

Wikia is not accessible if you’ve made further modifications. Remove the custom ad blocker rule(s) and the page will load as expected.