MySQL Bot Attacks Windows Systems

By on January 28, 2005, 7:00 PM
According to reports from eWeek and various other sources, malicious hackers have launched a zero-day bot attack against Windows servers using the MySQL database engine, infecting vulnerable systems at the rate of 100 per minute.

The bot attack consists of authenticating into the server as root and then pulling the password using the brute-force method using a list of passwords included with the bot.

The bot takes advantage of the publicly released "MySQL UDF Dynamic Library Exploit" to break into the open-source MySQL package. Once a database is hijacked, infected systems will connect to an IRC (Internet Relay Chat) server and retrieve propagation instructions.




User Comments: 10

Got something to say? Post a comment
mjconnor said:
Here's what WSJ Tech Guru has say about MS Windows:"The PC has, in many cases, gone from being a solution to being a problem...instead of being able to view their computers as tools for productivity, research, communication and entertainment, consumers have been forced to devote rising amounts of time and money just to keeping the machines safe."He continues,"[Apple's] new iMac G5 model is the single best desktop computer I have ever reviewed. And Apple is the only computer company whose business is focused on consumers and small businesses...The Mac is also packed with extras that Windows lacks. It has a suite of easy, free, multimedia programs that can't be matched on Windows at any price. It has a better free browser and e-mail program than Windows. It can read and create PDF files without requiring the purchase of any extra software. Best of all, the current Mac operating system has never been attacked by a successful virus."Check this site out! Come on, join the fun![url]http://www.apple.com/switch/[/url]Here's a look at where Mac OS X will be within 6 months. Do you really want to wait 3 more years for Longhorn, which will be ten years out of date by the time it ships?[url]http://www.apple.com/macosx/[/url]Every point you can make against switching to a Mac are just Wintel PR's FUD talking points. Don't let them fool you.[url]http://billpalmer.net/com000210.html[/url][url]http
//www.computerworld.com/softwaretopics/os/macos/story/0,10
01,84023,00.html[/url][url]http://arstechnica.com/guides/t
eaks/miniguide.ars[/url]Get a Mac! As a former PC User, I can say that within three months you will never want to SEE a PC again.
e39 said:
[b]Originally posted by mjconnor:[/b][quote]Here's what WSJ Tech Guru has say about MS Windows:[/quote]mjconner, while I appreciate you have an unhealthy obsession with particular material goods, I think I should point out that this is particular problem has nothing to do with Windows, but rather it is a flaw exploited in open source software that is being used to attack a database engine written by Microsoft.
Phantasm66 said:
[b]Originally posted by mjconnor:[/b][quote]Here's what WSJ Tech Guru has say about MS Windows:"The PC has, in many cases, gone from being a solution to being a problem...instead of being able to view their computers as tools for productivity, research, communication and entertainment, consumers have been forced to devote rising amounts of time and money just to keeping the machines safe."[/quote]Well, the problem is with MySQL in this case, but that is a great quote and a very good point. Spyware? IE flaws? Not getting updates unless you activate? Its all nonsense.
razvanux said:
It is not a vulnerability in Windows or mySQL, it is a brute force attack. The same flavored attack can be directed on nixes or on Macs. Microsoft itself is attacked, rather than the OS, by keeping headlines saying: "MySql worm attacks windows systems" or similar.To the average user, who knows little or nothing about computers, that headline will be enough for him to understand that "here's another proof of windows vulnerabilities"...I bet all I have on the fact that sooner than expected, we'll start seeing Firefox security weaknesses, Opera weaknesses anso. These programs have been safe for now because most of the cracker's energy went into demolishing Microsoft... Remember SCO attack last year? It's enough for you (as a cracker, in a such a community) to have your focus and your resources directed in a particular direction to make it crack, if that's what you desireSoftware systems (programs) are the most complex systems every designed by a human mind. A medium sized program can easily beat in complexity the most advanced mechanical systems. So, as long as there will be deadlines to meet, there will never be perfect software. It's just too much to test and validate and too little time. ~~Razvan.
razvanux said:
Ooops... Misreading. It is also MySql weakness indeed. I got stuck with early information on this -2 days ago- and read quickly this news add, missing the italics :-(.
shnig said:
[b]Originally posted by razvanux:[/b][quote]Software systems (programs) are the most complex systems every designed by a human mind. A medium sized program can easily beat in complexity the most advanced mechanical systems. [/quote]That is debatable. There is a hell of a lot more presision involved in making mechanical stuff then there is in software writing.
Nic said:
[b]Originally posted by shnig:[/b][quote]That is debatable. There is a hell of a lot more presision involved in making mechanical stuff then there is in software writing.[/quote]Not so, but granted there is often a lot of precision required in manufacturing mechanical products. However, complexity is what software consists of and much of that is hidden from programmers by the tools they use. There aren't any mechanical systems that come close to being as complex as much of the software being used today. While a mechanical watch may be slighlty less accurate if one of its components is a little bit less precise in it's size, if a piece of software is slighly imprecise you can have a catastrophic failure as in the case of the Ariane rocket disaster...[quote]The Ariane Disaster, 4th June 1996At 36.7 seconds after H0 (approx. 30 seconds after lift-off) the computer ... became inoperative... This was caused by an internal variable related to the horizontal velocity of the launcher exceeding a limit which existed in the software of this computer... Returning to the software error, the Board wishes to point out that software is an expression of a highly detailed design and does not fail in the same sense as a mechanical system. Furthermore software is flexible and expressive and thus encourages highly demanding requirements, which in turn lead to complex implementations which are difficult to assess…(Extracts from the official report)[/quote]
shnig said:
Ignorence is bliss yeah? Ever fired an automatic rifle or seen a formula one car in acton? infact even the very hardware which software runs on is more complicated then it!
razvanux said:
[b]Originally posted by shnig:[/b][quote]Ignorence is bliss yeah? Ever fired an automatic rifle or seen a formula one car in acton? infact even the very hardware which software runs on is more complicated then it![/quote]Well, I wasn't expecting to see the automated rifle brought in here... No, ignorance it isn't bliss, maybe you are the ingorant one. The following ultra-simple C code sequence which really doesn't do anythingint main(void){ return 0;}translates into a program which surpasses in complexity any laser-firing, corner turning gun. The process initialization - memory space allocations, OS- per/process information initializations, entry-point finding, file-allocation operations and scores of other processes that are fired up on when you start a program makes this weenie no-good program be more complex even than a formula one car.Software has the abilities that most (almost ALL) mechanical systems lack: exception handling and complex, alternate execution paths.The only machines that do not lack these abilities have electronics embedded in them, which usually run some sort of software of some kind.
shnig said:
Well I do a lot of programming myself and I also do a lot of curcit design and a lot of what is "behind" programs is actually at circut and transistor level which is hardware making your point moot. I also regulerly use automatic rifles are also rediculously complecated.
Load all comments...

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.