MySQL Windows Warning


Post by teleri » Thu Jan 27, 2005 12:29 pm

There is a MySQL port scan and exploit happening; please be careful.

To see if you have been infected look for spoolcll.exe.

This is a bot, and it uses weak root passwords to gain entry to MySQL. From there, it loads a BLOB in a table with a payload DLL, which it then writes to disk and loads as a MySQL UDF. The UDF is called, which creates the bot and the system is compromised.

Damage appears to be low as it is more spyware than anything, and you are only at risk if you A) Have not firewalled the MySQL port, B) Have a root account that is allowed to log in from anywhere, not just localhost, and C) Have a weak root password.

So, the fix is this:

A) Firewall port 3306
B) Remove the root@% account, only allow root@localhost
C) Set a strong password

More info at http://www.openwin.org/mike/index.php/a ... %20-loose/



Link to the Slashdot article on this.

http://it.slashdot.org/it/05/01/27/1546 ... 172&tid=95
Cheers,
teleri

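The checks from the post above (root reachable from non-local hosts, missing root password, UDFs loaded from a DLL, and the spoolcll.exe file) written as an offline audit. This is an added example, not part of the original post. It assumes rows exported from the `mysql.user` (User, Host, Password) and `mysql.func` (name, dl) tables plus a file listing; all sample rows, paths and function names are constructed.

```python
# Added example (not from the original post): offline audit for the
# conditions the post lists. Input rows are assumed to be exported from
# mysql.user (User, Host, Password) and mysql.func (name, dl).
LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1"}
MARKER_FILE = "spoolcll.exe"  # file name given in the post


def audit_root_accounts(user_rows):
    """Flag root accounts that accept remote logins or have no password."""
    findings = []
    for user, host, pw_hash in user_rows:
        if user.lower() != "root":
            continue
        if host.lower() not in LOCAL_HOSTS:  # '%' and any other wildcard or remote host
            findings.append(("remote-root", f"root@{host}"))
        if not pw_hash:
            findings.append(("empty-password", f"root@{host}"))
    return findings


def audit_udfs(func_rows, expected=frozenset()):
    """Flag every registered UDF the administrator did not install."""
    return [("unexpected-udf", f"{name} -> {dl}")
            for name, dl in func_rows if name not in expected]


def audit_files(paths):
    """Flag the marker file name, case-insensitively, in a file listing."""
    hits = []
    for p in paths:
        base = p.replace("\\", "/").rsplit("/", 1)[-1]
        if base.lower() == MARKER_FILE:
            hits.append(("marker-file", p))
    return hits


def audit(user_rows, func_rows, paths, expected_udfs=frozenset()):
    return (audit_root_accounts(user_rows)
            + audit_udfs(func_rows, expected_udfs)
            + audit_files(paths))


# Constructed sample data, not taken from any real host.
SAMPLE_USERS = [("root", "localhost", "*PLACEHOLDERHASH"),
                ("root", "%", ""),
                ("app", "%", "*PLACEHOLDERHASH")]
SAMPLE_FUNCS = [("example_udf", "example.dll")]
SAMPLE_PATHS = [r"C:\example\SPOOLCLL.EXE", r"C:\example\mysqld.exe"]

if __name__ == "__main__":
    for code, detail in audit(SAMPLE_USERS, SAMPLE_FUNCS, SAMPLE_PATHS):
        print(f"{code:15} {detail}")
```

An empty `mysql.func` is the expected state on a server where no UDFs were deliberately installed, so any row there is worth investigating.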