According to reports from eWeek and various other sources, malicious hackers have launched a zero-day bot attack against Windows servers using the MySQL database engine, infecting vulnerable systems at the rate of 100 per minute.

The bot attack consists of authenticating into the server as root and then pulling the password using the brute-force method using a list of passwords included with the bot.

The bot takes advantage of the publicly released "MySQL UDF Dynamic Library Exploit" to break into the open-source MySQL package. Once a database is hijacked, infected systems will connect to an IRC (Internet Relay Chat) server and retrieve propagation instructions.