Malicious hackers have launched a zero-day bot attack against default Windows installations of the MySQL database engine, infecting vulnerable systems at the rate of 100 per minute, security experts warned on Thursday.
The MySpooler worm has already infected thousands of machines with many more at risk. It infects by taking advantage of weak password controlled systems and then uses a known exploit to gain entry to install a backdoor program called a "Wootbot". Once this is done the system logs into a hackers IRC channel and hunts out other servers to infect.
Although mySQL is popular on Unix machines, only mySQL 4.0.21 for Windows is vulnerable to this attack. The SANS institute recommends blocking port 3306 and ensuring root passwords are secure enough. So "password" as a password simply won't do.