JSKY Posted January 29, 2005 Report Share Posted January 29, 2005 Found this on another site.A worm that takes advantage of administrators' poor password choices has started spreading among database systems.The malicious program, known as the "MySQL bot" or by the name of its executable code, SpoolCLL, infects computers running the Microsoft Windows operating system and open-source database known as MySQL, the Internet Storm Center said in an advisory published Thursday. Early indications suggest that more than 8,000 computers may be infected so far, said the group, which monitors network threats.The worm gets initial access to a database machine by guessing the password of the system administrator, using common passwords. It then uses a flaw in MySQL to run another type of program, known as bot software, which then takes full control of the system.Not sure how many of you run MySQL, but found it a threat to everyone. Quote Link to post Share on other sites
Besttechie Posted January 29, 2005 Report Share Posted January 29, 2005 Thanks for the alert.My forums run on a MySQL database, but I use very good passwords. If you found out any more information on this worm, such as a fix or patch, please let us know. Thanks. B Quote Link to post Share on other sites
Dan Posted January 29, 2005 Report Share Posted January 29, 2005 Makes me think....I need to change my password...dk Quote Link to post Share on other sites
JSKY Posted January 30, 2005 Author Report Share Posted January 30, 2005 (edited) Here is some more on the MySQL Worm. Read down towards the bottom of the page for different rundowns on this new worm.MySQL Worm Sorry, link not working right. Please type MySQL Worm into the search bar to see the latest findings.Also listed on another site some facts.This is one of the reasons many providers use, to make MySQL only reachable by localhost connections.So if it comes like a virus or worm on your machine, bypassing any http-communications so to speak, you're unpleasantly confronted with yet another screw-up of your system...Windows 2000/2003 Servers have the abillity to demand you to use better passwords, but you cannot use any of these more complex passwords for MySQL.For instance: <acb123>, which is basically accepted by Windows as a strong password, cannot be used for MySQL.Windows describes usage of 3 different types of characters and a minimum of 8.a-z, A-Z, 0-9 and special chars like !@#$%^&*()_+= and so on..MySQL however, only accepts a-z, A-Z, 0-9But still, it complies to the 3 different types of chars anyway.So you all are better of using these and create passwords with at least 8 chars. Edited January 30, 2005 by JSKY Quote Link to post Share on other sites
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.