The worm scans local subnets looking for other database servers, and then tries various common username and password combinations. If this succeeds, a table 'x' is placed on the server and the cycle is repeated. With the source code in the wild, it is trivial to change this table creation to something less benign.
Oracle has been criticized in the past for its lax response to security issues, and given the companys prior slogan of being "Unbreakable" this worm shows the importance of acting swiftly on vulnerabilities, before they become widespread problems.
A summary of the worm contains suggestions on protecting yourself - several of which are basic - such as changing default passwords. Although seemingly simple, these basic steps are often overlooked in the midst of patching, testing, and the plethora of other security related duties. That's one 'whoops' many administrators won't want on their resume however, making it wise to double-check.
Posted by: Peter Laborge