Slashdot Mirror

← Back to Stories (view on slashdot.org)

Worm Hits Windows Machines Running MySQL

Posted by michael on from the batten-the-ports-prepare-for-heavy-weather dept.

UnderAttack writes "A report on the Australian whirlpool forum suggest that a worm is currently taking out MySQL servers running on Windows. We have seen this happen with MSSQL before (not just 'Slammer', but also SQLSnake that used SA accounts without password). The SANS Internet Storm Center suggests that a rise in port 3306 scans can be attributed to the new worm, and is asking for observations to help figure this out. It appears the worm creates a file called 'spoolcll.exe'."

10 of 367 comments (clear)

  1. well :) by rd4tech · · Score: 1, Funny

    We have seen this happen with MSSQL before.

    it was a news with a slamming facts in it

  2. Bandwidth comparison, please ? by LordPixie · · Score: 4, Funny

    What is going to soak up more of the Internet's bandwidth ? A MySQL worm port scanning every IP in existance, or a gigantic mob of Slashdotters flaming Microsoft because it only affects Windows machines ? And will either of them even come close to breaking the current record held by BitTorrent Porn ?

    For the stirring conclusion, stay tuned to Netcraft: As the Internet turns...


    --LordPixie

  3. I want my money back! by netsavior · · Score: 3, Funny

    Man if I had known that this software was vulnerable to worms I would never have bought it.

  4. MySQL a real DB? by Atomizer · · Score: 4, Funny

    Does this mean MySQL is considered a real DB now?

  5. Re:Ok, this is strange by stanleypane · · Score: 5, Funny

    You seem very concerned. Better submit that last Slashdot comment before checking it out.

  6. serious? by dtfinch · · Score: 4, Funny

    "the bot first has to authenticate to mysql as 'root' user. A long list of passwords is included with the bot, and the bot will brute force the password."

    This makes MySQL look about as vulnerable as ssh.

  7. Good by Pan+T.+Hose · · Score: 2, Funny

    Does it mean that MySQL is now officially "ready for the desktop"? Hopefully, the Linux version will be next.

    --
    Sincerely,
    Pan Tarhei Hosé, PhD.
    "Homo sum et cogito ergo odi profanum vulgus et libido."
  8. Re:So it's the admins' fault? by sloanster · · Score: 2, Funny

    Let me make sure that my understanding is aligned with the Slashbot collective.

    When a clueless admin doesn't secure Windows, it's Windows' fault. But when a clueless admin doesn't secure an OSS application, it's the admin's fault.

    Yes, you've got the drill down pat:

    Whenever another windows security crisis arises, immediately try to make light of it with sarcasm like what you've written above. The whole idea is to start a flamewar, and divert attention away from the real issues. Extra points if you can manage to insult linux, and linux users in the process.

    You have done well.

  9. Re:Acronym madness clarification. by DrSkwid · · Score: 2, Funny

    almost there, try this :

    A server should not have root accounts.

    there, that's more like it

    --
    There are places where the networks are not touching,and there are places where they are-Boeing's Lori Gunter
  10. Re:That's why... by notque · · Score: 2, Funny

    Most serious people deploy PostgreSQL on Windows, if they're deploying anything on it at all.

    Solid reliability, transaction support, and a good security track record. Probably the best thing short of switching to an AS/400.

    You are a chewley's gum representitive? and you're here stiring up all this commontion for what? To sell more gum?

    Get outta here.

    --
    http://use.perl.org