News

MySQL databases targeted by worm

Antony Savvas

Antony Savvas

A worm has been detected that targets open source MySQL databases. It can compromise data and be used to launch a denial of service attack.

The MySQL bot exploits weak MySQL installations on Windows-based platforms. The SANS Institute's Internet Storm Centre said thousands of MySQL databases have been infected so far.

SANS said the MySQL bot takes advantage of weak passwords and the database's support for remote configuration.

The bot uses the known "MySQL UDF Dynamic Library Exploit". In order to launch itself, the bot first has to authenticate to MySQL as the "root" user. A long list of passwords is included with the bot, and it will try a brute force technique to get the password.

SANS said MySQL users should use stronger passwords and make sure that their databases are protected by a firewall to stop the bot trying to spread via other internet servers.

Many MySQL users implement the database as a cheaper alternative to Microsoft's proprietary SQL Server platform.

More details on the threat can be found at:

http://isc.sans.org/diary.php?date=2005-01-27&isc=811c8d08470e11fdb8efdabfe5bee079


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy