Thursday, 29 October 2015

MySQL Servers Used For DDoS Attacks

A group of criminals infects MySQL servers with malware and then let them carry out DDoS attacks. It reports the American security company Symantec in a blog posting.

To hijack the servers, the attackers use a "user-defined function" (UDF). It is in this case to code that can be invoked from within MySQL to provide features which can not offer the database management system. Its use to access MySQL servers is not new and was already discussed in 2005. In this case, the attackers use a UDF to install Chikdos malware on the server. This malware, in late 2013 already in the news.

At the latest campaign attackers Symantec may use an automated scanner or a worm to compromise the MySQL servers and install a UDF. However, the exact method of infection has not been identified. Once the servers are infected, they download a DDoS tool for executing DDoS attacks on websites.

To get around this kind of attack, administrators advised not to run with administrative rights to the SQL server. The SQL server must be patched regularly, and must be safe programming SQL Injection can be prevented. Furthermore, administrators can check for the presence of new user accounts and ensure that remote management is configured securely.

Downloader.Chikdos hashes

No comments:

Post a Comment