"Especially worrying about this Oracle concept worm,
compared with the SQL Slammer pest, is that it actually
enters the database and can meddle with the data stored in
it, said Shlomo Kramer, CEO of security vendor Imperva.
"Today, the payload is not malicious. But adding a malicious
payload to it can do enormous damage," he said.
A variant of the worm could erase information or send it
somewhere else, Kramer noted. "The potential impact of this type
of database worm can be very serious," he said.
A hardened database would be protected against database
worm attacks, according to Kornbrust. "A real malicious Oracle
worm could destroy thousands of Oracle databases within hours
and cause a damage of several billion dollars," he said.