
Malware Infects MySQL Servers, Enrolls Them in Worldwide DDoS Botnet


Karamjit


MySQL servers hijacked to carry out DDoS attacks

Symantec has uncovered an ongoing campaign in which hackers are using malware to hijack MySQL servers, enrolling them into a botnet specialized in launching DDoS attacks.

According to Symantec's Gavin O. Gorman, attackers may be using SQL injections (still unconfirmed) to infect MySQL servers with a custom-made UDF (user-defined function) file, which then saves the Downloader.Chikdos trojan on the server.

Because a UDF lets the MySQL server perform operations on the host that regular SQL commands cannot, the attackers call the UDF, which then downloads a more dangerous trojan detected as Trojan.Chikdos.A.

This trojan is a variant of the Trojan.Chikdos malware, specialized in carrying out DDoS attacks.

Webmasters who want to check whether this malware has infected them should look for randomly named .dll files in the following folders: \Lib\, \Lib\plugin\, and \Bin\.
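The check above can be scripted. The following is an added example, not code from the article or from Symantec: it walks the three folders the advisory names under a MySQL base directory, reports any .dll that is not on an operator-supplied allowlist, flags names that look machine generated, and cross-references the results with rows from the `mysql.func` table, which is where MySQL records registered UDFs and the library each one loads from. The allowlist, the directory tree and the `mysql.func` rows are all constructed for the demonstration; a real deployment would build the allowlist from a known-good install of the same MySQL version and pull the rows with `SELECT name, dl FROM mysql.func`.

```python
"""Added example: hunt for rogue UDF libraries in a MySQL install directory."""
import os
import tempfile
from pathlib import Path

# Folders named in the advisory, relative to the MySQL base directory.
SUSPECT_DIRS = ("Lib", "Lib/plugin", "Bin")

# Hypothetical allowlist of plugin libraries an operator expects to find.
# Generate it from a known-good installation rather than from this list.
KNOWN_PLUGINS = {"ha_example.dll", "semisync_master.dll", "semisync_slave.dll"}


def looks_random(stem: str) -> bool:
    """Cheap heuristic for machine-generated file names.

    Flags a stem that mixes letters and digits, or a long stem with almost
    no vowels; ordinary plugin names (ha_example, semisync_master) pass.
    """
    s = stem.lower()
    has_digit = any(c.isdigit() for c in s)
    has_alpha = any(c.isalpha() for c in s)
    if has_digit and has_alpha:
        return True
    vowels = sum(c in "aeiou" for c in s)
    return len(s) >= 8 and vowels <= len(s) // 4


def scan_mysql_dirs(base_dir, known=KNOWN_PLUGINS):
    """Return every .dll under SUSPECT_DIRS that is not on the allowlist.

    Each finding records the file name, the folder it sits in (relative to
    base_dir, forward slashes) and whether the name looks random.
    """
    known_lower = {k.lower() for k in known}
    findings = []
    for rel in SUSPECT_DIRS:
        folder = Path(base_dir) / rel
        if not folder.is_dir():
            continue
        for entry in folder.iterdir():
            if not entry.is_file() or entry.suffix.lower() != ".dll":
                continue
            if entry.name.lower() in known_lower:
                continue
            findings.append({
                "name": entry.name,
                "dir": entry.parent.relative_to(base_dir).as_posix(),
                "random_name": looks_random(entry.stem),
            })
    return sorted(findings, key=lambda f: (f["dir"], f["name"]))


def correlate_with_udf_table(findings, func_rows):
    """Match findings against (name, dl) rows from mysql.func.

    A library that is both unexpected on disk and registered as a UDF is the
    strongest indicator; returns the registered UDF names per flagged file.
    """
    by_dl = {}
    for udf_name, dl in func_rows:
        by_dl.setdefault(os.path.basename(dl).lower(), []).append(udf_name)
    return {f["name"]: by_dl.get(f["name"].lower(), []) for f in findings}


def build_demo_tree(base):
    """Constructed layout mimicking a MySQL base directory with two rogue DLLs."""
    base = Path(base)
    for rel, name in [
        ("Lib/plugin", "semisync_master.dll"),  # legitimate, on the allowlist
        ("Lib/plugin", "xkqzrtwp.dll"),         # constructed rogue UDF library
        ("Bin", "a7f3d9e1.dll"),                # constructed rogue library
        ("Lib", "readme.txt"),                  # not a DLL, ignored
    ]:
        (base / rel).mkdir(parents=True, exist_ok=True)
        (base / rel / name).write_bytes(b"MZ")  # placeholder bytes, not a real PE
    return base


# Constructed rows standing in for `SELECT name, dl FROM mysql.func`.
DEMO_FUNC_ROWS = [
    ("do_work", "xkqzrtwp.dll"),
    ("semisync_status", "semisync_master.dll"),
]


def run_demo():
    """Scan the constructed tree and print one line per unexpected library."""
    with tempfile.TemporaryDirectory() as tmp:
        base = build_demo_tree(tmp)
        findings = scan_mysql_dirs(base)
        registered = correlate_with_udf_table(findings, DEMO_FUNC_ROWS)
        for f in findings:
            tag = " (random-looking name)" if f["random_name"] else ""
            udfs = registered[f["name"]]
            print(f"{f['dir']}/{f['name']}{tag} -> registered UDFs: {udfs or 'none'}")
        return findings, registered


if __name__ == "__main__":
    run_demo()
```

Point `scan_mysql_dirs` at the real base directory (the parent of `Lib` and `Bin`) and feed `correlate_with_udf_table` the live `mysql.func` rows; a library that appears in both outputs should be treated as a confirmed foreign UDF, while an unexpected DLL with no registration still deserves a hash lookup before it is dismissed.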

This campaign is actively used in the wild against US and Chinese victims

Symantec telemetry data confirms that this exploit is actively being used in the wild even now, with most infected MySQL servers being located in India, China, Brazil, Holland, and the US.

DDoS attacks detected originating from these MySQL servers have targeted a US-based hosting provider and an IP address in China.

The reason hackers are targeting and infecting MySQL servers is connected to their widespread adoption, a large collection of readily available MySQL vulnerabilities disclosed by security researchers, and the easy availability of hacking tools specifically designed to target flaws in MySQL servers.

Additionally, because MySQL servers exchange a large amount of data with other servers inside a company's IT infrastructure, they usually have more bandwidth allocated to them, which can be exploited to carry out DDoS attacks at a higher volume than Web servers, home PCs, or IoT devices can.

From
