MySQL worm goes on rampage - is shut off at source
Link: MySQL worm goes on rampage - is shut off at source
A worm that exploited Windows installations of MySQL wraeked havoc yesterday as it spread rapidly across the internet.
Known as the MySpooler worm, it attempts to force its way in with a database of potential passwords, and once in it uses the the MySQL UDF Dynamic Library exploit to upload malicious code from an IRC channel - in this instance, the Wootbot trojan).
The MySpooler worm was believed to have infected as many as 4,500 machines per hour at its peak, and specifically targeted Windows machines running MySQL 4.0.21 or later, because these have elevated privileges over Unix installs which otherwise shield critical systems from MySQL operations.
However, CNet reports in MySQL worm halted that Symantec reports that the IRC channels were eventually shut down, effectively isolating the worm, but only after thousands of machines were turned into zombies.
The exploit involved was apparently reported as far back as July 2004, and code publicly released on the internet in December.