Worm Strikes MySQL and Windows

Just as the sun coming up in the morning is inevitable, today we have a worm attacking Windows servers.

Vulnerable installations of MySQL are the entry point for the worm. MySQL is an open source database. The weak points are administrative passwords, which the MySpooler worm can use to log on to target systems. The MySQL UDF Dynamic Library is used to upload malicious code (in this case a backdoor program, Wootbot).

An IRC channel on an infected system is logged onto. The systems then become drones in a network programmed to search for new victims.

4,500 systems per hour may have been infected in the early hours of spreading, according to intrusion firm PrevX.

Only MySQL installations running on Windows systems are affected. Although MySQL does have a UNIX version, this is not as new as 4.0.21, which is where the vulnerability occurs.

Suggested defence measures include restricting access to root accounts, blocking port 3306 on firewalls and using strong passwords to deny brute-force attacks.
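The account and UDF checks behind those measures can be run from a local administrative session. The following is an added example, not part of the original article; it assumes the grant-table layout of MySQL 4.x (a `Password` column in `mysql.user`; later versions store the hash in `authentication_string`), and the password shown is a placeholder.

```sql
-- Added example: audit a MySQL 4.x server for the weaknesses the article
-- names (administrative passwords, root reachable over port 3306, UDFs).

-- 1. Accounts with no password at all: anyone who can reach the port
--    can log on as these users without guessing anything.
SELECT User, Host
FROM mysql.user
WHERE Password = '';

-- 2. root accounts that accept connections from somewhere other than
--    the local machine. Each row is a target for remote password guessing.
SELECT User, Host
FROM mysql.user
WHERE User = 'root'
  AND Host NOT IN ('localhost', '127.0.0.1');

-- 3. Accounts that could register a user-defined function or write files
--    on the server (global INSERT, FILE or SUPER privilege).
SELECT User, Host, Insert_priv, File_priv, Super_priv
FROM mysql.user
WHERE Insert_priv = 'Y' OR File_priv = 'Y' OR Super_priv = 'Y';

-- 4. User-defined functions currently registered. On a server where no
--    UDFs were deliberately installed this should return no rows; review
--    any library name (dl) you do not recognise.
SELECT name, dl, type
FROM mysql.func;

-- Remediation: restrict root to local logins and give it a strong password.
-- 'REPLACE_WITH_LONG_RANDOM_PASSWORD' is a placeholder, not a real value.
DELETE FROM mysql.user
WHERE User = 'root'
  AND Host NOT IN ('localhost', '127.0.0.1');

SET PASSWORD FOR 'root'@'localhost' = PASSWORD('REPLACE_WITH_LONG_RANDOM_PASSWORD');

-- Reload the grant tables so the DELETE takes effect immediately.
FLUSH PRIVILEGES;
```

Run the `SELECT` statements first and review the output before applying the `DELETE`, since applications that connect remotely as root will stop working once it is removed.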
