Worm Hits Windows Machines Running MySQL

UnderAttack writes "A report on the Australian whirlpool forum suggest that a worm is currently taking out MySQL servers running on Windows. We have seen this happen with MSSQL before (not just 'Slammer', but also SQLSnake that used SA accounts without password). The SANS Internet Storm Center suggests that a rise in port 3306 scans can be attributed to the new worm, and is asking for observations to help figure this out. It appears the worm creates a file called 'spoolcll.exe'."

well :)

[rd4tech]

We have seen this happen with MSSQL before.

it was a news with a slamming facts in it

Bandwidth comparison, please ?

[LordPixie]

What is going to soak up more of the Internet's bandwidth ? A MySQL worm port scanning every IP in existance, or a gigantic mob of Slashdotters flaming Microsoft because it only affects Windows machines ? And will either of them even come close to breaking the current record held by BitTorrent Porn ?

For the stirring conclusion, stay tuned to Netcraft: As the Internet turns...


--LordPixie

I want my money back!

[netsavior]

Man if I had known that this software was vulnerable to worms I would never have bought it.

MySQL a real DB?

[Atomizer]

Does this mean MySQL is considered a real DB now?

Re:Ok, this is strange

[stanleypane]

You seem very concerned. Better submit that last Slashdot comment before checking it out.

serious?

[dtfinch]

"the bot first has to authenticate to mysql as 'root' user. A long list of passwords is included with the bot, and the bot will brute force the password."

This makes MySQL look about as vulnerable as ssh.

Good

[Pan T. Hose]

Does it mean that MySQL is now officially "ready for the desktop"? Hopefully, the Linux version will be next.

Re:So it's the admins' fault?

[sloanster]

Let me make sure that my understanding is aligned with the Slashbot collective.

When a clueless admin doesn't secure Windows, it's Windows' fault. But when a clueless admin doesn't secure an OSS application, it's the admin's fault.

Yes, you've got the drill down pat:

Whenever another windows security crisis arises, immediately try to make light of it with sarcasm like what you've written above. The whole idea is to start a flamewar, and divert attention away from the real issues. Extra points if you can manage to insult linux, and linux users in the process.

You have done well.

Re:Acronym madness clarification.

[DrSkwid]

almost there, try this :

A server should not have root accounts.

there, that's more like it

Re:That's why...

[notque]

Most serious people deploy PostgreSQL on Windows, if they're deploying anything on it at all.

Solid reliability, transaction support, and a good security track record. Probably the best thing short of switching to an AS/400.

You are a chewley's gum representitive? and you're here stiring up all this commontion for what? To sell more gum?

Get outta here.