newsfox
newsfox
Contact:
Julian Mattocks
Phone: +43-1-81140-308
E-Mail: mattocks@pressetext.com
KEYWORDS:
HIGHTECH
Fri, 28.01.2005
Print
pte20050128034 Computer/Telecommunications
Pressbox Pressbox
New worm attacks Windows servers
MySpooler uploads malicious code using MySQL

Milton Keynes (pte034/28.01.2005/15:15) - A worm has been discovered by experts, which exploits vulnerable installations of MySQL to take over Windows servers. As the British IT portal The Register http://www.theregister.co.uk reports, the MySpooler worm takes advantage of weak administrative passwords to log onto target systems. It then uses the MySQL UDF Dynamic Library to upload malicious code - backdoor program called Wootbot.

Vulnerable systems log onto an IRC channel, which makes them prone to attack in a network programmed to find new computers to infect. According to Internet security specialists PrevX http://www.prevx.com , the MySpooler worm infected up to 4,500 computer systems an hour in the early hours of its outbreak, due to an upsurge in port 3306 scans associated with the worm.

Although the MySQL open source database is available in Unix and Windows format, only Windows machines running MySQL 4.0.21 or later have been exploited in the attack. An analysis has been put together by the SANS institute of the malware as well as suggested defence strategies. The company recommends blocking port 3306 on firewalls, restricting access to root accounts and making sure that strong passwords resistant to malicious attack are used.

(end)
Submitter: newsfox
Contact: Julian Mattocks
Phone: +43-1-81140-308
E-Mail: mattocks@pressetext.com
Website:
newsfox