
January 27, 2005 12:54 PM PST

MySQL worm hits Windows systems

A worm that takes advantage of administrators' poor password choices has started spreading among database systems.

The malicious program, known as the "MySQL bot" or by the name of its executable code, SpoolCLL, infects computers running the Microsoft Windows operating system and the open-source database known as MySQL, the Internet Storm Center said in an advisory published Thursday. Early indications suggest that more than 8,000 computers may be infected so far, said the group, which monitors network threats.

The worm gets initial access to a database machine by guessing the password of the system administrator, using common passwords. It then uses a flaw in MySQL to run another type of program, known as bot software, which then takes full control of the system.


"A long list of passwords is included with the bot, and the bot will brute-force the password," the Internet Storm Center said in its advisory.

Because it infects Windows systems running database software, the program resembles the Slammer worm, which spread widely nearly two years ago. However, unlike Slammer, a well-chosen password is protection against SpoolCLL, according to current analyses.
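
A defender's view of the password guessing described above, as an added example that is not part of the original article or the Internet Storm Center advisory: it scans failed-login messages for a source that repeatedly fails to authenticate as root within a short window. The log lines are constructed, the timestamp prefix is an assumed layout, and the threshold and window are illustrative values.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines (not from a real server). "Access denied for user ..."
# is MySQL's failed-login message; the timestamp prefix is an assumed layout.
SAMPLE_LOG = """\
2005-01-27 12:00:01 Access denied for user 'root'@'203.0.113.7' (using password: YES)
2005-01-27 12:00:02 Access denied for user 'root'@'203.0.113.7' (using password: YES)
2005-01-27 12:00:03 Access denied for user 'root'@'203.0.113.7' (using password: YES)
2005-01-27 12:00:03 Access denied for user 'app'@'198.51.100.20' (using password: YES)
2005-01-27 12:00:04 Access denied for user 'root'@'203.0.113.7' (using password: YES)
2005-01-27 12:00:05 Access denied for user 'root'@'203.0.113.7' (using password: YES)
2005-01-27 12:00:06 Access denied for user 'root'@'203.0.113.7' (using password: YES)
2005-01-27 12:05:00 Access denied for user 'root'@'198.51.100.20' (using password: YES)
2005-01-27 12:20:00 Access denied for user 'root'@'198.51.100.20' (using password: YES)
"""

DENIED = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) Access denied for user "
    r"'([^']*)'@'([^']*)' \(using password: (?:YES|NO)\)$"
)


def find_guessing_sources(log_text, user="root", threshold=5,
                          window=timedelta(seconds=60)):
    """Return {source: peak failures inside any window} for sources >= threshold."""
    recent = defaultdict(deque)   # source -> timestamps still inside the window
    peak = defaultdict(int)       # source -> highest count seen in one window
    for line in log_text.splitlines():
        m = DENIED.match(line.strip())
        if not m or m.group(2) != user:
            continue              # not a failed login for the watched account
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        src = m.group(3)
        q = recent[src]
        q.append(ts)
        while ts - q[0] > window:  # drop failures that fell out of the window
            q.popleft()
        peak[src] = max(peak[src], len(q))
    return {src: n for src, n in peak.items() if n >= threshold}


if __name__ == "__main__":
    for src, n in find_guessing_sources(SAMPLE_LOG).items():
        print(f"{src}: {n} failed root logins within 60 seconds")
```

The two widely spaced root failures from 198.51.100.20 stay below the threshold, which is the difference between an administrator's typo and a bot working through a password list.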

Moreover, the MySQL database is much more commonly installed alongside open-source operating systems, such as Linux. That means only a small fraction of computers connected to the Internet could be compromised by the MySQL bot.

The flaw used by the worm to gain control of a vulnerable system was discovered in mid-2004, and code to take advantage of the flaw was published in late December. Known as the MySQL UDF Dynamic Library flaw, the vulnerability occurs because the database software does not do adequate security checks on user-defined functions (UDFs). It's not clear whether the bug has been fixed.

Computers taken over by the bot will attempt to connect to one of several Internet Relay Chat servers to obtain new targets and updates, the Internet Storm Center said. A survey of the IRC servers found 8,500 hosts connected, suggesting that many computers had been infected, though researchers were careful to qualify the number.

"This bot could use other mechanisms to spread," said Joe Stewart, a senior researcher at security firm LURHQ and a contributor to the Internet Storm Center analysis. "We can't say for sure that all 8,500 computers were infected by this particular exploit."


Macintosh unaffected
by January 27, 2005 1:26 PM PST
I enjoy saying that
According to MySQL...
by System Tyrant January 27, 2005 9:10 PM PST
this is not a bug in the software. I like MySQL, but this sounds a lot like a Microsoft answer. Oh, it's not us. Then again, maybe it's really not a flaw in the software. Especially if it doesn't affect any other os version.

Here is the link
http://dev.mysql.com/tech-resources/articles/security_alert.html