MySQL bot is finally stopped from causing further destruction
January 30th, 2005
The recently discovered malware bot, which affected MySQL installations running on Windows-based servers, has finally been halted from causing further destruction. The worm affected approximately 8000 machines and has been labeled Spybot.ivq by the security firm Symantec. Not only have the companies succeeded in stopping the worm, they have also reportedly rendered it powerless to spread further.
The bot was based on an earlier discovered version labeled ‘Wootbot’, which depended on the MySQL UDF Dynamic Library Exploit. It uses a brute-force method to guess the passwords of vulnerable servers running MySQL on the Windows platform. If it manages to crack a server's password, it tries to run an executable file through which it looks for further commands from a predefined list of IRC servers.
Security firms have confirmed that the latest anti-virus definitions should be able to catch the bot and the malicious code it carries. In addition, they recommend that server administrators use hard-to-guess passwords to protect their MySQL servers. Installing firewalls and monitoring for suspicious activity can also provide further protection from the worm.
To disarm the bot, the security firms cut off the channels through which it could have received further commands to continue its execution and cause further damage on the internet. A representative of Symantec told the media: “We are just seeing residual infections. The worm cannot connect to those servers, so it has lost its control channel. Without those commands, the worm is not going to be able to spread. We are seeing a real graying of the lines. There is really a huge blur now between all the different kinds of threats.”
MySQL developers have confirmed that Linux- and UNIX-based servers are safe from this bot, and advised similar precautions in using stronger passwords for the servers.