Wednesday, February 02, 2005

MySQL worm hits Windows systems

“A worm that takes advantage of administrators' poor password choices has started spreading among database systems.

The malicious program, known as the "MySQL bot" or by the name of its executable code, SpoolCLL, infects computers running the Microsoft Windows operating system and the open-source database known as MySQL, the Internet Storm Center said in an advisory published Thursday. Early indications suggest that more than 8,000 computers may be infected so far, said the group, which monitors network threats.

The worm gets initial access to a database machine by guessing the password of the system administrator, using a long list of common passwords. It then uses a flaw in MySQL to run another type of program, known as bot software, which then takes full control of the system.

Because it infects Windows systems running database software, the program resembles the Slammer worm, which spread widely nearly two years ago. However, unlike Slammer, a well-chosen password is protection against SpoolCLL, according to current analyses. The MySQL database is uncommon in Windows operating systems. That means only a small fraction of computers connected to the Internet could be compromised by the MySQL bot.

The flaw used by the worm to gain control of a vulnerable system was discovered in mid-2004, and code to take advantage of the flaw was published in late December. Known as the MySQL UDF Dynamic Library flaw, the vulnerability occurs because the database software does not do adequate security checks on user-defined functions (UDFs). It's not clear whether the bug has been fixed.”

http://news.zdnet.com/2100-1009-5553570.html?tag=nl.e550

