MySQL databases targeted by worm


MySQL databases targeted by worm

Antony Savvas

Antony Savvas

A worm has been detected that targets open source MySQL databases. It can compromise data and be used to launch a denial of service attack.

The MySQL bot exploits weak MySQL installations on Windows-based platforms. The SANS Institute's Internet Storm Centre said thousands of MySQL databases have been infected so far.

SANS said the MySQL bot takes advantage of weak passwords and the database's support for remote configuration.

The bot uses the known "MySQL UDF Dynamic Library Exploit". In order to launch itself, the bot first has to authenticate to MySQL as the "root" user. A long list of passwords is included with the bot, and it will try a brute force technique to get the password.

SANS said MySQL users should use stronger passwords and make sure that their databases are protected by a firewall to stop the bot trying to spread via other internet servers.

Many MySQL users implement the database as a cheaper alternative to Microsoft's proprietary SQL Server platform.

More details on the threat can be found at:

Email Alerts

Register now to receive IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

COMMENTS powered by Disqus  //  Commenting policy