Jump to content

Main menu Navigation ●Main page ●Contents ●Current events ●Random article ●About Wikipedia ●Contact us ●Donate Contribute ●Help ●Learn to edit ●Community portal ●Recent changes ●Upload file

●Create account ●Log in ●Create account ● Log in Pages for logged out editors learn more ●Contributions ●Talk

(Top) 1 Known variants 2 Affected platforms 3 Actions 3.1 Spread 4 Outbreaks 5 References 6 External links

Voyager (computer worm)

Add links ●Article ●Talk ●Read ●Edit ●View history Tools Actions ●Read ●Edit ●View history General ●What links here ●Related changes ●Upload file ●Special pages ●Permanent link ●Page information ●Cite this page ●Get shortened URL ●Download QR code ●Wikidata item Print/export ●Download as PDF ●Printable version Appearance From Wikipedia, the free encyclopedia

This article includes a list of references, related reading, or external links, but its sources remain unclear because it lacks inline citations. Please help improve this article by introducing more precise citations. (March 2010) (Learn how and when to remove this message)

The Voyager worm is a computer worm that was posted on the Internet on October 31, 2005, and is designed to target Oracle Databases, proprietary database management system developed by Oracle.

Known variants[edit]

First, non-malicious, example: October 31, 2005.
Second example: December 29, 2005; attempts to stop remote Oracle listeners on machines that have not been properly secured.

Affected platforms[edit]

Any Operating System running Oracle Databases

Actions[edit]

The October 31 variant has a harmless payload, but could easily be modified.

The December 29, 2005 version attempts to create private database links in affected databases, but the procedure to spread is missing. If activated, it will grant DBA to PUBLIC. An AFTER LOGON trigger may run, which performs a Google search for its own code. The worm code tries to mail the username and password hashes to larry@oracle.com and oracle@random IP address. It tricks the user to reset the password for a well known database user. The clear intention is to increase the chances of successfully creating a private link to the database.^[1]

Spread[edit]

The October 31 variant tries to find other Oracle databases in the same subnet and uses private database links to connect to remote databases. The December 29 variant was posted incomplete, without a spreading mechanism.

Outbreaks[edit]

October 31, 2005 – First posted on the Internet
December 29, 2005 – Malicious variant (incomplete) posted on the Internet

References[edit]

^ "New Oracle Voyager Worm Variant". Application Security Inc. Archived from the original on 2012-11-30. Retrieved January 11, 2006.

External links[edit]

Analysis Voyager worm at Red-Database-Security GmbH

Retrieved from "https://en.wikipedia.org/w/index.php?title=Voyager_(computer_worm)&oldid=1214680910" Category: ●Computer worms Hidden categories: ●Articles lacking in-text citations from March 2010 ●All articles lacking in-text citations ●This page was last edited on 20 March 2024, at 13:57 (UTC). ●Text is available under the Creative Commons Attribution-ShareAlike License 4.0; additional terms may apply. By using this site, you agree to the Terms of Use and Privacy Policy. Wikipedia® is a registered trademark of the Wikimedia Foundation, Inc., a non-profit organization. ●Privacy policy ●About Wikipedia ●Disclaimers ●Contact Wikipedia ●Code of Conduct ●Developers ●Statistics ●Cookie statement ●Mobile view