Bill Brenner of SearchSecurity.com writes:

Voyager is a proof-of-concept worm that doesn’t seem capable of spreading in its current form. But security experts worry it’s a sign that the digital underground is salivating over Oracle’s growing list of flaws and is getting ready to pounce.

“The code looks incomplete as the worm does not replicate itself. This could be changed,” Pete Finnigan, an Oracle expert and author of Oracle Security Step By Step, warned in his blog Tuesday. “This is a worrying new event for anyone running insecure databases. Take simple precautions, revoke the execute privileges on UTL_TCP, change all default passwords, do not use 1521 for the listener and disable local authentication on the 10g listener and instead use a strong password.”

[Continue reading Voyager worm targets Oracle databases]

Tags: oracle, voyager worm, proof-of-concept, oracle security, pete finnigan