Slashdot Mirror


Worm Hits Windows Machines Running MySQL

UnderAttack writes "A report on the Australian Whirlpool forum suggests that a worm is currently taking out MySQL servers running on Windows. We have seen this happen with MSSQL before (not just 'Slammer', but also SQLSnake that used SA accounts without password). The SANS Internet Storm Center suggests that a rise in port 3306 scans can be attributed to the new worm, and is asking for observations to help figure this out. It appears the worm creates a file called 'spoolcll.exe'."

1 of 367 comments

  1. I don't get it by gowen · · Score: 5, Interesting
    I don't understand the SANS report. First it says:
    The bot uses the "MySQL UDF Dynamic Library Exploit".
    before adding
    This bot does not use any vulnerability in mysql.


    Come again?
    --
    Athletic Scholarships to universities make as much sense as academic scholarships to sports teams.