Worm Hits Windows Machines Running MySQL
UnderAttack writes "A report on the Australian whirlpool forum suggests that a worm is currently taking out MySQL servers running on Windows. We have seen this happen with MSSQL before (not just 'Slammer', but also SQLSnake that used SA accounts without password). The SANS Internet Storm Center suggests that a rise in port 3306 scans can be attributed to the new worm, and is asking for observations to help figure this out. It appears the worm creates a file called 'spoolcll.exe'."
That's why... (Score:0, Interesting)
Solid reliability, transaction support, and a good security track record. Probably the best thing short of switching to an AS/400.
slashdot's super post editing strikes again! (Score:0, Interesting)
I don't get it (Score:5, Interesting)
Come again?
Not surprising (Score:2, Interesting)
Ok, this is strange (Score:2, Interesting)
I am running MySQL 4.0.x...
I guess it's time to see what's going on.
I do keep all ports closed, all MySQL passwords are secure, no remote access to MySQL. It's just for dev purposes.
Not sure if there is a connection, but I'm going to look into it.
MySQL in practice (Score:5, Interesting)
I stood up MySQL on a Linux box and on a Win2k box to show that, unlike MSSQL, MySQL ran on more than one platform. One database could be deployed to both platforms with the ability to keep the application running even if one goes down. Instead of having the app be entirely offline, you can bring the other over very quickly. Did this just after the first MSSQL worm to show that there are alternatives and that entire sites don't have to go down because of one bug. Now we're working on deploying some Linux clusters.
Re:Don't keep the port open! (Score:5, Interesting)
Re:Windows (Score:3, Interesting)
How does the installer do this, considering that the root password is stored in hashed format, and thus should be theoretically unviewable? Does the installer brute-force it, or does MySQL accept passwords in their hashed form, or does the installer simply ask for the root password and then verify it?
I've got a bullseye on my forehead (Score:1, Interesting)
(And don't you dare
MyWorm (Score:3, Interesting)
What a load of rubbish (Score:1, Interesting)
If you installed ANY database on ANY system and didn't take efforts to lock it down then you are an idiot.
This worm only affects people that made all three classic errors below:
1) Didn't set up a useful firewall
2) Didn't lock down the administrator access
3) Didn't set a secure root password for the DB.
Well, now you know where you went wrong and should learn a bit about system security.
On top of all the above, you have to be running an operating system that has been configured to allow a new data file to be created by the DB then loaded as executable code. That is also poor system administration - you should NOT give a DB app rights to create executable files.
The old saying is always true:
Wise people learn from other people's mistakes
Most people learn from their own mistakes
Fools never learn at all....
Yahoo Finance (Score:1, Interesting)
Yahoo Error [yahoo.com]
Re:Acronym madness clarification. (Score:3, Interesting)
This is a flaw in Windows version of MySQL. Your comment is entirely beside the point.
Re:MyWorm (Score:3, Interesting)
But let's assume people do what you say and your scenario would happen. Why would this be a vulnerability? What is the problem? Actually, I see it as another advantage of OSS. With binary software, you *have* to use a work-around until a fix comes, and you *have* to hope that a fix will be part of the next patch-day.
IMHO, it would probably happen as it happened with the Linux kernel some days ago: one good soul offers to maintain a fork with security patches. All is well. Where is the problem again?
"Fork" is often used as a bad word, a worst-case scenario, when it isn't. There are a lot of distributions, and in some way, they are all forks of a lot of packages they contain (any Linux distro still delivering their main kernel unpatched?). The world still stands.
Forks become a problem if too many of them happen and if they happen due to social problems that leave people not cooperating (because then it becomes unrealistic to backport all those patches). But in the scenario you suggest, I see people working together. Someone just taking some load from the main project.