
by Franki

A new Windows-only worm has appeared, and this one targets weak installations of the MySQL database server on machines running Windows. The worm uses a list of 1000 passwords to try to log in as the admin user in MySQL, and if it succeeds, it uses a known exploit to install malicious code onto the server. The "owned" machine will then join an IRC server and await instructions. (Apparently the current instructions are to look for other machines to infect, but that could change.) The name of the worm is Forbot, and you can read about it further here.

So folks, if you are silly enough to have a Windows server running MySQL, and that copy of MySQL is not locked down to disallow remote root access, and there is no decent password (a good password is at least 8 characters, and a mix of letters, numbers and symbols), then now is a good time to scan your system for the exploit. There is no reason to allow remote root access over the net. In fact, I go further than that and have locked all our users down to localhost or local network connections only. (We are running Linux servers, so this isn't applicable anyway, but tight settings are a good basis for any server.) It seems to me that the main issue that leads to such compromises is people not considering the security implications of a specific action. The best way to set up security is to lock the machine up totally, so it cannot do anything, and then loosen that step by step until you can achieve only exactly what you need.
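The checks described above (no remote root, accounts limited to localhost or the local network, and a decent password) can be run as an audit over the account list. The following is an added example, not code from the original article: the function names and the sample rows are constructed, and it assumes you have already exported each account's user name, host value and whether a password is set from the `mysql.user` table.

```python
import ipaddress
import string

LOOPBACK = {"localhost", "127.0.0.1", "::1"}
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def host_is_local(host):
    """True if a MySQL account Host value admits only loopback/private clients."""
    if host.lower() in LOOPBACK:
        return True
    octets = host.split(".")
    wildcard = octets[-1] == "%"          # trailing wildcard, e.g. 192.168.1.%
    if wildcard:
        octets = octets[:-1]
    if not octets or not all(o.isdigit() for o in octets):
        return False                      # bare "%", hostnames, other patterns: remote
    if len(octets) > 4 or (not wildcard and len(octets) != 4):
        return False
    padded = ".".join(octets + ["0"] * (4 - len(octets)))
    try:
        addr = ipaddress.ip_address(padded)
    except ValueError:
        return False
    return any(addr in net for net in LOCAL_NETS)

def password_is_decent(pw):
    """The article's rule: at least 8 characters, mixing letters, numbers and symbols."""
    return (len(pw) >= 8 and any(c.isalpha() for c in pw)
            and any(c.isdigit() for c in pw)
            and any(c in string.punctuation for c in pw))

def audit_accounts(rows):
    """rows: (user, host, has_password) tuples. Returns (user, host, issue) findings."""
    findings = []
    for user, host, has_password in rows:
        if not host_is_local(host):
            issue = ("remote root access allowed" if user == "root"
                     else "not limited to localhost or local network")
            findings.append((user, host, issue))
        if not has_password:
            findings.append((user, host, "empty password"))
    return findings

# Constructed sample account list, for illustration only.
SAMPLE_ROWS = [("root", "localhost", True), ("root", "%", True),
               ("app", "192.168.1.%", True), ("report", "%", False),
               ("backup", "10.0.0.5", True)]

if __name__ == "__main__":
    for finding in audit_accounts(SAMPLE_ROWS):
        print(finding)
```

Host patterns the script cannot prove to be local, such as hostnames or a wildcard in the middle of an address, are reported as remote so that they get a manual look.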








One Response to “MySQL on Windows is targeted by worm.”

  1. Kitchen Renovations Fort St John Says:

    Thanks for keeping people up on what’s happening.

    Kitchen Renovations Fort St John






