MySQL Worm Hits Windows Machines

You know you’ve hit the big time when you get your own worm! The MySpool worm is turning badly configured MySQL installations (on Windows) into zombies in a huge botnet. Now I’m not even going to ask why so many people have MySQL installations listening on the network (Debian disables this by default so bonus points to them) but it is depressing. To stop MySQL listening on the network, just add “skip-networking” to the [mysqld] section of the config file.
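A quick way to check a host for this setting, as an added example that is not part of the original post: the script reads a my.cnf/my.ini and reports whether the [mysqld] section leaves the server reachable over TCP. It goes a little beyond the skip-networking fix by also treating a loopback bind-address as not exposed; the function names and sample configs are constructed for illustration.

```python
import ipaddress

def mysqld_options(text):
    """Return the options set in the [mysqld] section of a my.cnf/my.ini."""
    opts, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        # Skip blanks, comments and !include directives (audit included files separately).
        if not line or line[0] in "#;!":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "mysqld":
            continue
        # Drop any trailing "# comment", then split "name = value".
        key, _, value = line.split("#")[0].partition("=")
        # MySQL treats '-' and '_' in option names as interchangeable.
        key = key.strip().lower().replace("_", "-")
        opts[key] = value.strip().strip("'\"")
    return opts

def network_exposure(text):
    """Classify TCP reachability as 'disabled', 'loopback' or 'exposed'."""
    opts = mysqld_options(text)
    # A bare "skip-networking" line (empty value) switches TCP/IP off.
    if opts.get("skip-networking", "off").lower() in ("", "1", "on", "true"):
        return "disabled"
    addr = opts.get("bind-address")
    if addr is None:
        return "exposed"  # assumption: no restriction means all interfaces
    try:
        return "loopback" if ipaddress.ip_address(addr).is_loopback else "exposed"
    except ValueError:  # hostname or wildcard such as "*"
        return "loopback" if addr.lower() == "localhost" else "exposed"

# Constructed sample configs, not taken from any real host.
HARDENED = "[client]\nport=3306\n\n[mysqld]\n# no TCP listener\nskip-networking\n"
LOCAL_ONLY = "[mysqld]\nbind_address = 127.0.0.1\n"
DEFAULT = "[mysqld]\nport=3306\ndatadir=C:/mysql/data\n"

if __name__ == "__main__":
    for name, cfg in (("hardened", HARDENED), ("local-only", LOCAL_ONLY), ("default", DEFAULT)):
        print(name, "->", network_exposure(cfg))
```

Anything reported as exposed still needs its accounts and passwords reviewed; the config check only says whether the listener is reachable.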

I think it’s about time someone wrote a MySQL vulnerability scanner to pick up weak passwords, unprotected accounts and similar. Judging by the number of machines out there that are being broken into by this thing there is a market…

For more technical coverage of the problem have a look at SecuriTeam’s MySQL UDF Dynamic Library Exploit.