Slashdot Mirror

← Back to Stories (view on slashdot.org)

Worm Hits Windows Machines Running MySQL

Posted by michael on from the batten-the-ports-prepare-for-heavy-weather dept.

UnderAttack writes "A report on the Australian whirlpool forum suggest that a worm is currently taking out MySQL servers running on Windows. We have seen this happen with MSSQL before (not just 'Slammer', but also SQLSnake that used SA accounts without password). The SANS Internet Storm Center suggests that a rise in port 3306 scans can be attributed to the new worm, and is asking for observations to help figure this out. It appears the worm creates a file called 'spoolcll.exe'."

4 of 367 comments (clear)

  1. solution by its_not_a_tumah · · Score: -1, Offtopic

    so we've got tsunamis in asia, droughts in africa, worms in australia.... frank: "here, this here wombat 'ill toyk kehr of um"

  2. Re:Your not from the Marketing dept, by Uptown+Joe · · Score: -1, Offtopic

    Are you?

  3. Re:slashdot's super post editing strikes again! by Anonymous Coward · · Score: -1, Offtopic

    Requirements to get a story on /.
    1. Must bash MS or any of a number of companies on the "not cool" list
    2. If a story does not fit #1 then random pieces of info should be thrown in to make it fit #1
    3. If there is any chance that a story could bash *nix, #2 should be used to prevent this.

  4. Re:Windows by Anonymous Coward · · Score: -1, Offtopic

    What does a web browser have to do with anything?