Virus experts at Sophos have warned computer users about a new
variant of the Forbot worm which targets MySQL open-source database
software on Windows computers connected to the internet. MySQL is a
popular alternative to Microsoft's SQL Server database software,
and there are said to be more than 5 million installations
worldwide.
The W32/Forbot-DY worm (also
called UDF, Wootbot or MySpool) is the latest in a long line of
worms in the Forbot family, which first began to appear in
mid-2004.
Aside from spreading across the internet, the worm also attempts
to create a zombie bot network which would allow remote hackers to
launch a distributed denial-of-service attack from infected
computers.
"System administrators should ensure that the computers under
their care are properly protected with the latest anti-virus
software, sensible firewall configurations and up-to-date security
patches," said Graham
Cluley, senior technology consultant for Sophos. "If you take
the necessary steps then malicious malware will find it as hard to
spread as frozen butter."
The Forbot-DY worm tries to spread to network shares with weak
passwords and also by using two Microsoft security vulnerabilities:
The RPC-DCOM security exploit (MS03-039) and the LSASS security exploit
(MS04-011).
"The Forbot worm uses a list of likely words to try and break
into systems with poorly chosen passwords," continued Cluley. "The
message to system administators is clear: beef up your passwords
now to stop these kind of attacks from being possible."
More information about the threat posed by the worm has been
published on the MySQL website.
Sophos does not believe that this latest worm will have the same
impact as the SQL
Slammer worm which slowed down parts of the internet in early
2003.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.