Updated: Opinion: Worms such as MySpooler, which spreads via weak passwords in MySQL, take advantage of the fact that inexperienced users are opening enterprises' back doors to open-source software.
Are they lazy? Stupid? Or merely inexperienced?
It's baffling that so many database administrators or casual non-DBA downloaders were responsible for leaving weak or default passwords on MySQL databases and thus allowing the MySpooler bot attack against Windows installations of MySQL, which last week peaked at an infection rate of 100 machines per minute.
Johannes Ullrich, chief technology officer at the SANS Internet Storm Center, told eWEEK.com reporter Ryan Naraine that, in order to launch the exploit, the bot first had to authenticate to "mysql" as "root" user. Once authenticated, brute-force attacks were launched using a list of passwords included with the bot.
The hijacked databases were thus strung together in a network of MySQL Windows installations that was up to no good, as MySpooler opened three listening ports on target machines and dropped in random, eight-character file names.
MySpooler also inserted a backdoor through which to access the machine and deliver payload, Naraine reported. And MySpooler also included a DDoS engine, scanners, and commands to solicit information such as system stats and software registration keys.
In other words, MySpooler was an evil little bugger. But what really kills me is this quote from Ullrich: "This bot does not use any vulnerability in MySQL. The fundamental weakness it uses is a weak root account," he said.
The bot attack fizzled after DNS service authorities shut off access to IRC servers controlling the worm.
Weak or default passwords? Weak root accounts? Aren't we beyond that? After all, whether you're talking databases or networks or general host operating systems, the process for dealing with weak passwords is well understood.
Vulnerability scanning has been around for years, with smart system administrators scanning routers and general-purpose operating systems such as Windows and Unix.
Really savvy enterprises have hooked up with tools to scan databases as well, tools from Application Security or Internet Security Systems or the like, although databases, regrettably, still lag in getting the level of vulnerability scanning to which their network component brethren have been rightly subjected.
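The kind of check a database scanner performs, as an added example that is not part of the original column: it audits a `mysql.user` listing for the exact weaknesses MySpooler relied on (an empty or default root password, root reachable from any host). The rows and the short list of default passwords are constructed for illustration; only `mysql_native_password` hashes are checked.

```python
import hashlib


def native_hash(password: str) -> str:
    """mysql_native_password stores '*' + SHA1(SHA1(pw)) as upper-case hex."""
    inner = hashlib.sha1(password.encode()).digest()
    return "*" + hashlib.sha1(inner).hexdigest().upper()


# Constructed list of vendor-default style values an auditor would test for.
DEFAULT_CANDIDATES = ["", "root", "mysql", "password"]

# Constructed sample of rows as returned by
#   SELECT user, host, plugin, authentication_string FROM mysql.user;
SAMPLE_USERS = [
    ("root", "%", "mysql_native_password", ""),  # no password, any host
    ("root", "localhost", "mysql_native_password", native_hash("root")),
    ("app", "10.0.0.%", "mysql_native_password", native_hash("S3cure!pass-2024")),
    ("backup", "localhost", "mysql_native_password", native_hash("mysql")),
]


def audit_accounts(rows, candidates=DEFAULT_CANDIDATES):
    """Return (user, host, finding) tuples for accounts a worm like MySpooler could use."""
    findings = []
    known_weak = {native_hash(p): p for p in candidates}
    for user, host, plugin, auth in rows:
        if plugin != "mysql_native_password":
            continue  # salted schemes (caching_sha2_password) need a different check
        if auth == "":
            findings.append((user, host, "empty password"))
        elif auth in known_weak:
            findings.append((user, host, f"default password '{known_weak[auth]}'"))
        elif auth == native_hash(user):
            findings.append((user, host, "password equals username"))
        if user == "root" and host == "%":
            findings.append((user, host, "root reachable from any host"))
    return findings


if __name__ == "__main__":
    for user, host, finding in audit_accounts(SAMPLE_USERS):
        print(f"{user}@{host}: {finding}")
```

Such a check must run as a privileged user against `mysql.user`; the bot's own approach of guessing from the network is precisely what the audit is meant to pre-empt.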
Lisa Vaas is News Editor/Operations for eWEEK.com and also serves as editor of the Database topic center. Since 1995, she has also been a Webcast news show anchorperson and a reporter covering the IT industry. She has focused on customer relationship management technology, IT salaries and careers, effects of the H1-B visa on the technology workforce, wireless technology, security, and, most recently, databases and the technologies that touch upon them. Her articles have appeared in eWEEK's print edition, on eWEEK.com, and in the startup IT magazine PC Connection. Prior to becoming a journalist, Vaas experienced an array of eye-opening careers, including driving a cab in Boston, photographing cranky babies in shopping malls, selling cameras, typography and computer training. She stopped a hair short of finishing an M.A. in English at the University of Massachusetts in Boston. She earned a B.S. in Communications from Emerson College. She runs two open-mic reading series in Boston and currently keeps bees in her home in Mashpee, Mass.