A worm has been detected that targets open source MySQL databases. It can compromise data and be used to launch a denial of service attack.
The MySQL bot exploits weak MySQL installations on Windows-based platforms. The SANS Institute's Internet Storm Centre said thousands of MySQL databases have been infected so far.
SANS said the MySQL bot takes advantage of weak passwords and the database's support for remote configuration.
The bot uses the known "MySQL UDF Dynamic Library Exploit". In order to launch itself, the bot first has to authenticate to MySQL as the "root" user. A long list of passwords is included with the bot, and it will try a brute force technique to get the password.
SANS said MySQL users should use stronger passwords and make sure that their databases are protected by a firewall to stop the bot trying to spread via other internet servers.
Many MySQL users implement the database as a cheaper alternative to Microsoft's proprietary SQL Server platform.
More details on the threat can be found at: