Virus experts at Sophos have warned computer users about a new
variant of the Forbot worm which targets MySQL open-source database
software on Windows computers connected to the internet. MySQL is a
popular alternative to Microsoft's SQL Server database software,
and there are said to be more than 5 million installations
worldwide.
The W32/Forbot-DY worm (also
called UDF, Wootbot or MySpool) is the latest in a long line of
worms in the Forbot family, which first began to appear in
mid-2004.
Aside from spreading across the internet, the worm also attempts
to create a zombie bot network which would allow remote hackers to
launch a distributed denial-of-service attack from infected
computers.
"System administrators should ensure that the computers under
their care are properly protected with the latest anti-virus
software, sensible firewall configurations and up-to-date security
patches," said Graham
Cluley, senior technology consultant for Sophos. "If you take
the necessary steps then malicious malware will find it as hard to
spread as frozen butter."
The Forbot-DY worm tries to spread to network shares with weak
passwords and also by using two Microsoft security vulnerabilities:
The RPC-DCOM security exploit (MS03-039) and the LSASS security exploit
(MS04-011).
"The Forbot worm uses a list of likely words to try and break
into systems with poorly chosen passwords," continued Cluley. "The
message to system administators is clear: beef up your passwords
now to stop these kind of attacks from being possible."
More information about the threat posed by the worm has been
published on the MySQL website.
Sophos does not believe that this latest worm will have the same
impact as the SQL
Slammer worm which slowed down parts of the internet in early
2003.
More than 100 million users in 150 countries rely on Sophos as the best protection against complex threats and data loss. Sophos is committed to providing security and data protection solutions that are simple to manage, deploy and use and that deliver the industry's lowest total cost of ownership. Sophos offers award-winning encryption, endpoint security, web, email, and network access control solutions backed by SophosLabs - a global network of threat intelligence centers. With more than two decades of experience, Sophos is regarded as a leader in security and data protection by top analyst firms and has received many industry awards.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.