Recently, a proof-of-concept worm targetting Oracle databases with default user accounts and passwords was posted on Full-Disclosure. The worm looks for remote Oracle databases through the use of UTL_TCP package. It creates table X in the remote database (harmless but there could always be other ways to turn it into something else) upon discovery of the username and password. Currently, the worm code that TMIRT has acquired is not of a big threat but heads up though for possible other variants that may sooner or later evolve.
You can find more in this following links:
Oracle Worm In The Wild
Analysis and Protection
You can find more in this following links:
Oracle Worm In The Wild
Analysis and Protection