MySQL databases targeted by worm

A worm has been detected that targets open source MySQL databases. It can compromise data and be used to launch a denial of...

Antony Savvas

A worm has been detected that targets open source MySQL databases. It can compromise data and be used to launch a denial of service attack.

The MySQL bot exploits weak MySQL installations on Windows-based platforms. The SANS Institute's Internet Storm Centre said thousands of MySQL databases have been infected so far.

SANS said the MySQL bot takes advantage of weak passwords and the database's support for remote configuration.

The bot uses the known "MySQL UDF Dynamic Library Exploit". In order to launch itself, the bot first has to authenticate to MySQL as the "root" user. A long list of passwords is included with the bot, and it will try a brute force technique to get the password.

SANS said MySQL users should use stronger passwords and make sure that their databases are protected by a firewall to stop the bot trying to spread via other internet servers.

Many MySQL users implement the database as a cheaper alternative to Microsoft's proprietary SQL Server platform.

More details on the threat can be found at:

http://isc.sans.org/diary.php?date=2005-01-27&isc=811c8d08470e11fdb8efdabfe5bee079

CW+

Features

Enjoy the benefits of CW+ membership, learn more and join.

Read more on Business applications

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

SearchDataManagement

Close