Thats nifty. The way it spreds is pretty simple but the fact that its all sql. Awesome, Now theres a way to hide a worm. I think the authers of those links are right, its been proven it can be done. I think some one will finish the job, I wonder if you could have one worm that would work on pg/my/ms/oracle. I mean most of them come with default ports and usernames I do beleave. All the more reason to not have default passwords and to firewall.