Slashdot Mirror


MySQL Servers Hijacked With Malware To Perform DDoS Attacks (symantec.com)

An anonymous reader writes with news of a malware campaign using hijacked MySQL servers to launch DDoS attacks. Symantec reports: "Attackers are compromising MySQL servers with the Chikdos malware to force them to conduct DDoS attacks against other targets. According to Symantec telemetry, the majority of the compromised servers are in India, followed by China, Brazil and the Netherlands, and are being used to launch attacks against a US hosting provider and a Chinese IP address."

  1. They hijack database servers and use 'em for DDoS? by Ungrounded Lightning · Score: 4, Funny

    They hijack database servers and use them for DDoS attacks?

    That's like breaking into a bank and using its postage meter to send paper spam.

    What's WRONG with these people?

    --
    Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
  2. Re:Why? by xxxJonBoyxxx · Score: 4, Funny

    >> Why is your MySQL server directly on the internet?

    Did you read the part about the attacks being largely from India?

    These are the people who flood forums with questions like, "My company just got a contract to do IT for [huge US corporation] and they use something called MySQL to hold all their online customers. My boss told me I need to make MySQL 'PCI compliant' this weekend but I've never used it before. Can you please tell me what PCI is and what I should type in MySQL to turn on PCI?"

  3. Re:Only infects Windows MySQL servers? by Major Blud · Score: 4, Informative

    AC is right, this only seems to infect MySQL running on Windows systems:

    http://www.symantec.com/connec...

    It modifies registry entries that fool with Terminal Services and other nasty stuff. You should be safe on Linux/BSD.

    --
    If you post as Anonymous Coward, don't expect a reply.