
MySQL bot targets Windows

p2pnet.net News:- A bot exploiting vulnerable MySQL installs on Windows systems is on the rampage and has so far infected several thousand, says the SANS Internet Storm Center.

“Infected systems will connect to an IRC server,” it says. “The IRC server will instruct them to scan various /8 networks for other vulnerable mysql servers.”

MySQL is an open source database engine used by millions of sites, with all that implies.

The bot uses the MySQL UDF Dynamic Library Exploit, says the Storm Center. To launch the exploit, it first has to authenticate to mysql as ‘root’ user and, “A long list of passwords is included with the bot, and the bot will brute force the password.”

eWeek quotes security consultant Jacques Erasmus as saying the hijacked database engines are creating a zombie network of machines capable of being misused.

“Attacking all MySQL Windows installations, Erasmus said the bot, identified as MySpooler, opens three listening ports on the target machine and drops in an eight-character random file name,” says eWeek.

Erasmus said MySpooler also provides a backdoor for the attack to access the machine and deliver payload.

What can you do about it?

The fundamental weakness it uses is a weak ‘root’ account, says the Storm Center.

  • Select a strong password, in particular for the ‘root’ account.
  • Connections for any account can be limited to certain hosts in MySQL and if possible, ‘root’ should only be allowed to connect from the local host. MySQL will also allow you to force connections to use mysql’s own SSL connection option.
  • MySQL servers should not be exposed to the ‘wild outside’. Block port 3306 and only allow access from selected hosts that require such access. Again, the use of ssh forwarding or SSL is highly recommended.
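The checks in the list above can be run as an audit over a server's account table. The following is an added example, not code from the Storm Center or p2pnet: it assumes the caller has exported `User`, `Host` and `ssl_type` from `mysql.user` into dicts, with a hypothetical `has_password` flag derived from the password-hash column, and passes in the server's `bind-address` setting. The sample rows are constructed. It can only detect an empty password, not a guessable one.

```python
# Added example: audit MySQL accounts against the hardening list above.
LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1"}

def audit_accounts(rows, bind_address):
    """Return (subject, problem) pairs for settings the list warns about."""
    findings = []
    # A server bound to anything but loopback is reachable on port 3306.
    if bind_address.lower() not in LOCAL_HOSTS:
        findings.append(("server", "listening on %s: filter port 3306 "
                         "to selected hosts" % bind_address))
    for r in rows:
        who = "'%s'@'%s'" % (r["user"], r["host"])
        remote = r["host"].lower() not in LOCAL_HOSTS
        if not r["has_password"]:
            findings.append((who, "no password set"))
        if r["user"] == "root" and remote:
            findings.append((who, "root allowed from a non-local host"))
        # '%' is the MySQL host wildcard; an empty host matches any client.
        if remote and ("%" in r["host"] or r["host"] == ""):
            findings.append((who, "wildcard host pattern"))
        # ssl_type '' means the account may connect without SSL.
        if remote and r["ssl_type"] == "":
            findings.append((who, "remote account does not require SSL"))
    return findings

# Constructed sample rows (not taken from any real server).
SAMPLE_ROWS = [
    {"user": "root", "host": "localhost", "has_password": True, "ssl_type": ""},
    {"user": "root", "host": "%", "has_password": False, "ssl_type": ""},
    {"user": "app", "host": "10.0.0.5", "has_password": True, "ssl_type": "ANY"},
    {"user": "report", "host": "10.0.0.%", "has_password": True, "ssl_type": ""},
]

if __name__ == "__main__":
    for subject, problem in audit_accounts(SAMPLE_ROWS, "0.0.0.0"):
        print("%-22s %s" % (subject, problem))
```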

Go here for a one-page cheat-sheet explaining how to set up passwords and disable network access in mysql, adds the Storm Center:


===================

See:-
rampage – Handler’s Diary January 27th 2005, SANS Internet Storm Center, January 27, 2005
zombie network - MySQL ‘Bot’ Attacks Windows Systems, eWeek, January 27, 2005


One Response to “MySQL bot targets Windows”

  1. Reader's Write Says:

    anyone who doesn’t use at least an 8 char random alpha-numeric for root deserves a little pain ;)

    TT
