Thursday, January 27, 2005

MySQL virus reported

For you folks with WordPress and all the other blogs based on PHP and MySQL, here's something new to worry about. A virus called MySQL bot or SpoolCLL (the name of it's executable file) is reported to have infected around 8,000 computers so far.

The worm takes advantage of the administrator's use of weak passwords by making a brute force attack with a list of common passwords. If a password matches, it takes over the database.

The worm gets initial access to a database machine by guessing the password of the system administrator, using common passwords. It then uses a flaw in MySQL to run another type of program, known as bot software, which then takes full control of the system. "A long list of passwords is included with the bot, and the bot will brute-force the password," the Internet Storm Center said in its advisory. --ZDNet

This would be a very good time to go into your system and beef-up your database access password.