A worm that takes advantage of administrators' poor password choices has started spreading among database systems.
The malicious program, known as the "MySQL bot" or by the name of its executable code, SpoolCLL, infects computers running the Microsoft Windows operating system and the open-source database known as MySQL, the Internet Storm Center said in an advisory published Thursday. Early indications suggest that more than 8,000 computers may be infected so far, said the group, which monitors network threats.
The worm gets initial access to a database machine by guessing the password of the system administrator, using common passwords. It then uses a flaw in MySQL to run another type of program, known as bot software, which then takes full control of the system.
"A long list of passwords is included with the bot, and the bot will brute-force the password," the Internet Storm Center said in its advisory.
Because it infects Windows systems running database software, the program resembles the Slammer worm, which spread widely nearly two years ago. However, unlike with Slammer, a well-chosen password protects against SpoolCLL, according to current analyses.
Moreover, the MySQL database is much more commonly installed alongside open-source operating systems, such as Linux. That means only a small fraction of computers connected to the Internet could be compromised by the MySQL bot.
The flaw used by the worm to gain control of a vulnerable system was discovered in mid-2004, and code to take advantage of the flaw was published in late December. Known as the MySQL UDF Dynamic Library flaw, the vulnerability occurs because the database software does not do adequate security checks on user-defined functions (UDFs). It's not clear whether the bug has been fixed.
Computers taken over by the bot will attempt to connect to one of several Internet Relay Chat servers to obtain new targets and updates, the Internet Storm Center said. A survey of the IRC servers found 8,500 hosts connected, suggesting that many computers had been infected, though researchers were careful to qualify the number.
"This bot could use other mechanisms to spread," said Joe Stewart, a senior researcher at security firm LURHQ and a contributor to the Internet Storm Center analysis. "We can't say for sure that all 8,500 computers were infected by this particular exploit."
MySQL is a Windows database system; I hardly think Macs would ever be affected by this worm.
But don't worry, they be coming to a Mac near you soon.
lol Love saying that.
But on a serious note, do you remember when Windows was reported to be the OS that viruses couldn't touch? I find it funny people saying that about Mac's OS now ;P.
Windows, the OS, is unaffected as well. I'm not used to saying that... The flaw is with MySQL, so it seems that as open source gains popularity, it also gains attention, and has some of the same issues as other, larger companies. Anyone know if this flaw exists on other platforms? The 'MySQL UDF Dynamic Library flaw' documentation looks like Linux, but I am unsure.
This is not a bug in the software. I like MySQL, but this sounds a lot like a Microsoft answer. Oh, it's not us. Then again, maybe it's really not a flaw in the software. Especially if it doesn't affect any other OS version.
Here is the link: http://dev.mysql.com/tech-resources/articles/security_alert.html
And sort of it is. MySQL offers ways to make the connections safe, e.g. by use of SSL. If users don't use it, or choose bad passwords, there is not much they can do.
However, they could add a delay time after a failed login before you could have a new try. And increase that time exponentially for each consecutive failed login attempt.
This would give this kind of attack much less chance of succeeding.
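The exponential delay proposed in the comment above, sketched as an added example (it is not part of the original thread and not MySQL's own code). The class name, the 1-second base delay, the one-hour cap and the client address are assumptions made for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class LoginThrottle:
    """Per-client lockout that doubles after each consecutive failed login."""
    base_delay: float = 1.0     # lockout in seconds after the first failure (assumed)
    max_delay: float = 3600.0   # cap, so a legitimate user is never locked out forever
    _state: dict = field(default_factory=dict)  # client -> (failures, locked_until)

    def retry_after(self, client: str, now: float) -> float:
        """Seconds the client must still wait before an attempt is evaluated."""
        _, locked_until = self._state.get(client, (0, 0.0))
        return max(0.0, locked_until - now)

    def record_failure(self, client: str, now: float) -> float:
        """Count a failed login and return the length of the new lockout."""
        failures = self._state.get(client, (0, 0.0))[0] + 1
        # Clamp the exponent so a very long failure streak cannot overflow a float.
        delay = min(self.base_delay * 2 ** min(failures - 1, 32), self.max_delay)
        self._state[client] = (failures, now + delay)
        return delay

    def record_success(self, client: str) -> None:
        """A successful login resets the consecutive-failure counter."""
        self._state.pop(client, None)


def guesses_accepted(throttle: LoginThrottle, client: str,
                     attempts_per_second: float, window: float) -> int:
    """Simulate one client sending wrong passwords at a fixed rate for
    `window` seconds; return how many guesses the server actually evaluated."""
    accepted = 0
    for i in range(int(window * attempts_per_second)):
        now = i / attempts_per_second
        if throttle.retry_after(client, now) > 0:
            continue  # still locked out: rejected without checking the password
        accepted += 1
        throttle.record_failure(client, now)
    return accepted


if __name__ == "__main__":
    # Constructed scenario: 10 guesses per second for one hour from one address.
    print(guesses_accepted(LoginThrottle(), "203.0.113.7", 10, 3600))
```

In this constructed scenario the server evaluates 12 guesses in the hour instead of the 36,000 that were sent. Keying the counter by client address, as done here, slows a single source but not a list spread across many sources.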