Thu, 27 Jan 2005
MySQL Worm Hits Windows Machines
You know you've hit the big time when you get your own worm! The MySpool
worm is turning badly configured MySQL installations (on Windows) into
zombies in a huge bot net. Now I'm not even going to ask why so many people
have MySQL installations listening to the network (Debian disables this by
default so bonus points to them) but it is depressing. To stop it doing
this just add "skip-networking" to the [mysqld] section of the config file.
I think it's about time someone wrote a MySQL vulnerability scanner to pick up weak passwords, unprotected accounts and similar. Judging by the number of machines out there that are being broken into by this thing there is a market...
For more technical coverage of the problem have a look at SecuiTeam's MySQL UDF Dynamic Library Exploit.
Like this post? - Digg Me! | Add to del.icio.us! | reddit this!
Posted: 2005/01/27 23:07 | /security | Permanent link to this entry | This entry and same date
Copyright © 2000-2010 Dean Wilson
