MySQL servers hit by DDoS malware botnet

[Image: DDoS attack. Image credit: FrameStockFootages / Shutterstock]

Hackers have been observed targeting vulnerable MySQL servers in an attempt to compromise and assimilate them into a Distributed Denial of Service (DDoS) botnet. 

Researchers at the AhnLab Security Emergency Response Center (ASEC) came across a hacking campaign during routine database server threat monitoring. The researchers found that the hackers were scanning the internet for MySQL servers and approaching them in two ways: either by trying to exploit a vulnerability in an unpatched environment, or by brute-forcing their way in. Some MySQL endpoints have weak administrator passwords, allowing hackers to win the guessing game and enter the premises.

Once the server has been compromised, the attackers would use a feature called User-Defined Functions (UDF) which would allow them to run commands on the endpoint. The researchers said the hackers would define certain functions in C or C++ and compile them into a DLL, essentially creating their own malicious UDF. This UDF would, among other things, download the Ddostf malware which would bring the device into the botnet fold.


Patching the servers

The threat actors have no intention of using the botnet themselves, the researchers further stated. Instead, they are creating a DDoS-as-a-Service offering, where other hackers can rent the infrastructure for their own attacks for a fee. The cost of using the Ddostf botnet is unknown at the time of writing.

It is also worth mentioning that the malicious UDF can do more things than just download the malware. Hackers can also use it to steal sensitive data from the server, set up persistent access, and more. 
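The two preceding paragraphs describe how a compromised server is abused through user-defined functions: a shared library is written into the plugin directory and registered with CREATE FUNCTION, after which it can run commands, exfiltrate data or set up persistence. The following audit script is an added example written for this article; it is not ASEC's or TechRadar's code. It works on rows copied from `SELECT name, dl, type FROM mysql.func` and from `SHOW VARIABLES LIKE 'secure_file_priv'` / `'plugin_dir'`, so it runs offline on the constructed sample data embedded below. The allowlist name `approved_udf.so` and the library name `unknown_helper.so` are constructed placeholders, not real plugins.

```python
"""Audit a MySQL server for unexpected UDFs and for a plugin_dir that SQL can write into.

Added example, not code from the article or from ASEC. Input is copied from
  SELECT name, dl, type FROM mysql.func;
  SHOW VARIABLES WHERE Variable_name IN ('secure_file_priv', 'plugin_dir');
so the script needs no database connection.
"""
import os
from dataclasses import dataclass


@dataclass(frozen=True)
class Udf:
    name: str   # function name exposed to SQL
    dl: str     # shared library given in CREATE FUNCTION ... SONAME
    type: str   # 'function' or 'aggregate'


# Libraries this deployment legitimately registers as UDFs.
# Constructed allowlist: replace with the plugins you actually ship.
KNOWN_LIBRARIES = frozenset({"approved_udf.so"})


def audit_udfs(rows, allowed=KNOWN_LIBRARIES):
    """Return (name, dl, reason) for every UDF whose library is not on the allowlist.

    Any library not built and deployed by you is suspect: a registered UDF
    runs native code inside mysqld with the daemon's privileges.
    """
    return [(r.name, r.dl, "library not on allowlist")
            for r in rows if r.dl not in allowed]


def audit_file_write_path(variables):
    """Return findings about whether SELECT ... INTO DUMPFILE could drop a file into plugin_dir.

    secure_file_priv semantics as reported by SHOW VARIABLES:
      'NULL' -> SQL-level file import/export disabled entirely (safest)
      ''     -> unrestricted, any directory mysqld can write to is reachable
      <dir>  -> writes limited to that directory tree
    """
    sfp = variables.get("secure_file_priv")
    plugin_dir = variables.get("plugin_dir", "")
    findings = []
    if sfp is None or sfp == "NULL":
        return findings
    if sfp == "":
        findings.append("secure_file_priv is empty: SQL file writes are unrestricted")
        return findings
    sfp_norm = os.path.normpath(sfp)
    pd_norm = os.path.normpath(plugin_dir)
    if pd_norm == sfp_norm or pd_norm.startswith(sfp_norm + os.sep):
        findings.append("plugin_dir lies inside secure_file_priv")
    return findings


# Constructed sample output from the two queries above.
SAMPLE_FUNC_ROWS = [
    Udf("approved_hash", "approved_udf.so", "function"),
    Udf("run_anything", "unknown_helper.so", "function"),
]
SAMPLE_VARIABLES = {"secure_file_priv": "", "plugin_dir": "/usr/lib/mysql/plugin/"}


def report(rows=SAMPLE_FUNC_ROWS, variables=SAMPLE_VARIABLES):
    """Combine both audits into one list of human-readable lines."""
    lines = [f"UDF {name} -> {dl}: {why}" for name, dl, why in audit_udfs(rows)]
    lines += audit_file_write_path(variables)
    return lines


if __name__ == "__main__":
    for line in report():
        print(line)
```

Run it against a real server by pasting the query results into `SAMPLE_FUNC_ROWS` and `SAMPLE_VARIABLES`. A clean host produces no output; an unknown library in `mysql.func`, or a `secure_file_priv` that lets SQL write into `plugin_dir`, is what to investigate first.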

The best way to protect against these attacks, the researchers concluded, is to make sure your MySQL servers are regularly updated and that you don't delay installing patches. Furthermore, strong login credentials that are refreshed at regular intervals will make brute-force attacks almost impossible to pull off.

Via BleepingComputer


Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
