The National Infrastructure Security Co-ordination Centre (NISCC) has issued an alert over the MySpooler worm reported yesterday, which threatens Windows servers with weak passwords for root access to MySQL.
NISCC, which was set up to minimise risk to the UK's critical national infrastructure from electronic attacks, posted the warning on its Web site after its Australian counterpart AusCERT alerted users to the worm. It highlighted that the worm's most destructive feature is its potential ability to facilitate massive distributed-denial-of-service attacks.
"AusCERT has become aware of a new worm currently exploiting MySQL on Windows systems. The worm infects systems using an automated attack on weak passwords for the MySQL "root" account," warned NISCC.
"MySQL administrators are encouraged to apply the mitigation steps below as soon as possible to prevent infection. Non-Windows MySQL systems are not targeted by this worm, but are vulnerable to the same attack if MySQL is running as root," the Centre added.
MySpooler is thought to be recruiting thousands of machines for distributed-denial-of-service attacks, which use compromised computers that act cooperatively to disable target machines by flooding them with data.
Although US-based security organisation SANS also has posted warnings about the worm, antivirus companies have said the worm is not a major concern because they have seen many similar worms before.
Sophos has recognised the worm as a variant of a worm nicknamed Forbot. The company said that aside from spreading across the internet, the worm also attempts to create a collective network which would allow remote hackers to launch a distributed denial-of-service attack from infected computers.
"We didn't think it was too important because we've seen before," said Mikko Hyppönen, director of antivirus research for F-Secure. "But it is more important than many others because MySQL is common and many machines connect to Internet. Their typical use is databases for the Web. They shouldn't really accept incoming connections, but some administrators will forget about that. So it will probably be successful in finding poorly maintained systems."