Worm Hits Windows Machines Running MySQL
UnderAttack writes "A report on the Australian whirlpool forum suggest that a worm is currently taking out MySQL servers running on Windows. We have seen this happen with MSSQL before (not just 'Slammer', but also SQLSnake that used SA accounts without password). The SANS Internet Storm Center suggests that a
rise in port 3306 scans can be attributed to the new worm, and is asking for observations to help figure this out. It appears the worm creates a file called 'spoolcll.exe'."
What is going to soak up more of the Internet's bandwidth ? A MySQL worm port scanning every IP in existance, or a gigantic mob of Slashdotters flaming Microsoft because it only affects Windows machines ? And will either of them even come close to breaking the current record held by BitTorrent Porn ?
For the stirring conclusion, stay tuned to Netcraft: As the Internet turns...
--LordPixie
Does this mean MySQL is considered a real DB now?
You seem very concerned. Better submit that last Slashdot comment before checking it out.
"the bot first has to authenticate to mysql as 'root' user. A long list of passwords is included with the bot, and the bot will brute force the password."
This makes MySQL look about as vulnerable as ssh.