TechTarget

MySQL databases targeted by worm

A worm has been detected that targets open source MySQL databases. It can compromise data and be used to launch a denial of...

Antony Savvas

A worm has been detected that targets open source MySQL databases. It can compromise data and be used to launch a denial of service attack.

The MySQL bot exploits weak MySQL installations on Windows-based platforms. The SANS Institute's Internet Storm Centre said thousands of MySQL databases have been infected so far.

SANS said the MySQL bot takes advantage of weak passwords and the database's support for remote configuration.

The bot uses the known "MySQL UDF Dynamic Library Exploit". In order to launch itself, the bot first has to authenticate to MySQL as the "root" user. A long list of passwords is included with the bot, and it will try a brute force technique to get the password.

SANS said MySQL users should use stronger passwords and make sure that their databases are protected by a firewall to stop the bot trying to spread via other internet servers.

Many MySQL users implement the database as a cheaper alternative to Microsoft's proprietary SQL Server platform.

More details on the threat can be found at:

http://isc.sans.org/diary.php?date=2005-01-27&isc=811c8d08470e11fdb8efdabfe5bee079

CW+

Features

Enjoy the benefits of CW+ membership, learn more and join.

Read more

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

SearchDataManagement

Close