Slashdot Mirror


Worm Hits Windows Machines Running MySQL

UnderAttack writes "A report on the Australian Whirlpool forum suggests that a worm is currently taking out MySQL servers running on Windows. We have seen this happen with MSSQL before (not just 'Slammer', but also SQLSnake that used SA accounts without a password). The SANS Internet Storm Center suggests that a rise in port 3306 scans can be attributed to the new worm, and is asking for observations to help figure this out. It appears the worm creates a file called 'spoolcll.exe'."

5 of 367 comments

  1. Re:Windows by TedCheshireAcad · Score: 4, Insightful

    Don't laugh - it happens. MSSQL is 'spensive, and for an all-windows environment that needs a database - MySQL wins the prize.

    /took your comment too seriously

  2. Re:Clarity by Anonymous Coward · Score: 3, Insightful

    That doesn't change the fact that there are flaws in MySQL that need to be fixed.

  3. In fairness by wowbagger · Score: 4, Insightful

    In fairness, I would generalize your statement to:

    Don't connect ANY computer to the Internet, or any other hostile network, without a firewall.

    Now, you can argue that, in the case of some operating systems, the firewall built into the OS, when properly configured, is enough.

    You can also argue that a firewall should be a firewall, and a firewall ONLY, and that any other services should be provided by another machine BEHIND the firewall.

    And depending upon the circumstances, either argument can win.

    However, if you think in terms of "First the firewall, THEN the services", you will be miles ahead.

    Connect a Linux box, or a *BSD box, or a Mac, or an AS/400, or .* to a hostile network with any non-trivial set of services running and no firewall, and it is going to have problems.

    The problem here is that the people who set up the MySQL servers on these boxes did not ensure they were firewalled - this could have happened just as easily to a Linux box with a similarly bad setup.

  4. MySQL on Win32, market share by HvitRavn · Score: 4, Insightful

    No need to flame people who use MySQL on win32. This has been briefly mentioned already, but here's a slightly better explanation. One of MySQL's major advantages over other free medium-to-lightweight databases (such as pgsql) is that MySQL has been available for the win32 platform for a very long period of time (if you are about to mention firebird, take a look here). This enabled developers to install their webserver of choice (apache) with some cool script mod (php) alongside a database well suited for small to medium web projects (mysql). So if you are a supporter of (F)OSS, then you better not flame people who use MySQL on win32, because that is one of the reasons why MySQL is so popular today.

  5. Re:That's why... by Dysan2k · Score: 4, Insightful

    You can chalk this one up to careless admins - something I'm sure PostgreSQL is not immune to either.

    Nothing is. Postgres folk can cry all they want, and so can MySQL, mSQL, Oracle, Informix, Sybase, Firebird, etc. It makes no difference. If you have no password, you can get into it.

    Amazes me sometimes the rabidness of the db crowd. It's a database, folks. It stores data. It's not an AI.

    --
    -What have you contributed lately?