DOSarrest Vulnerability Testing and Optimization
Hackers infect MySQL servers with malware for DDoS attacks

October 29, 2015

Hackers are exploiting SQL injection flaws to infect MySQL database servers with a malware program that’s used to launch distributed denial-of-service (DDoS) attacks.

Security researchers from Symantec found MySQL servers in different countries infected with a malware program dubbed Chikdos that has variants for both Windows and Linux.

This Trojan is not new and was first documented in 2013 by incident responders from the Polish Computer Emergency Response Team (CERT.PL). At that time the malware was being installed on servers after using brute-force dictionary attacks to guess SSH (Secure Shell) login credentials.

However, the new attacks observed by Symantec abuse the user-defined function (UDF) capability of the MySQL database engine. UDF allows developers to extend the functionality of MySQL with compiled code.

Symantec believes that attackers exploit SQL injection vulnerabilities in order to inject malicious UDF code in databases. They then use the DUMP SQL command to save the injected code as a library file that is later executed by the MySQL process.

The malicious UDF code downloads and installs the Chikdos Trojan, which allows attackers to abuse the server’s bandwidth for DDoS attacks.

The Symantec researchers found MySQL servers infected with Chikdos in many countries, including India, China, Brazil, the Netherlands, the U.S., South Korea, Mexico, Canada, Italy, Malaysia, Nigeria and Turkey. The largest concentrations were in India and China, with 25 and 15 percent respectively.

During their analysis the researchers saw the servers being used to launch DDoS attacks against a U.S. hosting provider and a Chinese IP address.

MySQL servers are likely being targeted because their bandwidth is considerably larger than that of regular PCs, making them more suitable for large DDoS campaigns, the Symantec researchers said in a blog post.

To prevent such attacks, website owners should avoid running SQL servers with administrative privileges and should follow best programming practices for mitigating SQL injection vulnerabilities, they said.
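For defenders, the two steps described above (query output saved as a library file, then a UDF registered from that library) leave recognizable statements in MySQL query logs. The following detection sketch is an added example, not code from Symantec or from this article; the simplified log line layout, the sample statements and all names in it are constructed assumptions, while `INTO DUMPFILE` and `CREATE FUNCTION ... SONAME` are standard MySQL syntax.

```python
import re

# Assumed, simplified log layout: "<timestamp> <connection id> Query <statement>"
LINE = re.compile(r"^(\S+)\s+\d+\s+Query\s+(.*)$")
# Step 1: query output written to a loadable library (.so on Linux, .dll on Windows).
FILE_WRITE = re.compile(
    r"\bINTO\s+(?:DUMPFILE|OUTFILE)\s+['\"]([^'\"]+\.(?:so|dll))['\"]", re.I)
# Step 2: a user-defined function registered from a shared library.
UDF_CREATE = re.compile(
    r"\bCREATE\s+(?:AGGREGATE\s+)?FUNCTION\s+`?(\w+)`?\s+RETURNS\s+\w+"
    r"\s+SONAME\s+['\"]([^'\"]+)['\"]", re.I)

def basename(path):
    """File name without directories, for both / and \\ separators."""
    return re.split(r"[\\/]", path)[-1].lower()

def scan(lines):
    """Return (timestamp, alert kind, detail) for suspicious statements."""
    written = set()   # basenames of library files written through SQL
    alerts = []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        ts, stmt = m.groups()
        w = FILE_WRITE.search(stmt)
        if w:
            written.add(basename(w.group(1)))
            alerts.append((ts, "library-file-write", w.group(1)))
        u = UDF_CREATE.search(stmt)
        if u:
            # Highest priority: the UDF loads a library that SQL itself wrote.
            hit = basename(u.group(2)) in written
            kind = "udf-from-written-library" if hit else "udf-created"
            alerts.append((ts, kind, f"{u.group(1)} <- {u.group(2)}"))
    return alerts

# Constructed sample log lines (placeholder payload, hypothetical names).
SAMPLE_LOG = [
    "2015-10-29T10:00:01Z 12 Query SELECT id, name FROM products WHERE id = 7",
    "2015-10-29T10:00:05Z 12 Query SELECT 0x00 INTO DUMPFILE '/usr/lib/mysql/plugin/example_udf.so'",
    "2015-10-29T10:00:06Z 12 Query CREATE FUNCTION example_fn RETURNS INTEGER SONAME 'example_udf.so'",
    "2015-10-29T10:05:00Z 30 Query CREATE FUNCTION metaphon RETURNS STRING SONAME 'udf_example.so'",
    "2015-10-29T10:06:00Z 31 Query SELECT * INTO OUTFILE '/tmp/report.csv' FROM orders",
]

if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG):
        print(*alert, sep="  ")
```

UDF creation that is not preceded by a file write is still reported, at lower priority, so it can be checked against the functions an administrator actually installed.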

Source: http://social-media-news.com/link/907984_hackers-infect-mysql-servers-with-malware-for-ddos-attacks
