Malware Bot attacks MySQL running on Windows servers

Malware Bot attacks MySQL running on Windows servers

We are used to seeing worms and viruses for Windows Operating System. We even saw a malware code, which affected a very popular open source discussion board software on the internet. The latest news in is even more disturbing. One of the most popular database systems used in websites on the Internet MySQL is being attacked by a malware bot. The interesting bit is that it is affecting only those servers, which are running MySQL on Windows platform.

Experts are calling this bot a UDF worm as it uses a User Defined Function used by developers to make their customized functions. And it is spreading rapidly on the Internet affecting servers running MySQL on Windows. Considering the techniques used by the worm are related to vulnerabilities found on Windows platform, there are little chances of it appearing on the *nix platform based servers running MySQL.

Security companies have also noticed that the worm is based on an earlier discovered variant `Wootbot` and also contains code that could result in DDoS attacks. It might also contain commands to extract information from server systems, which can be critical for the security of the web servers. Servers that are poorly configured are good targets for infection by this bot as it tries to affect new victims by authenticating itself as a ‘root user’ through brute force via a preset list of passwords.

MySQL developers have stated that the problem does not exist entirely with their software. Instead, network administrators should take care of locking their servers properly with good security and use tough to guess passwords. They also recommend that System administrators should check whether their servers are scanning for IRC servers, as it is one of the ways of spreading for this particular worm.