Chikdos Trojan Infecting & Abusing MySQL servers to Execute DDoS Assaults

According to Symantec, a PC-Trojan called 'Chikdos' is being used for contaminating MySQL servers after which they're getting exploited for carrying out DDoS (distributed denial-of-service) assaults.

First discovered during 2013, the Chikdos malicious program has been created for compromising both Windows and Linux computers followed with executing DDoS assaults through those hijacked systems.

The assaults targeted at MySQL servers begin by making one sinister UDF (user-defined function) behave like certain downloader named Downloader.Chikdos that pulls down the real malicious program Symantec identified as Trojan.Chikdos.A.

The use of UDFs involves getting any MySQL server to increase its functionality after they're carefully kept inside computers' file system. The functions are normally planted onto MySQL servers with the aid of SQL injection assaults. However, within the current instance, it isn't clear whether the con artists resorted to automated scanning alternatively some PC-worm for hijacking the servers followed with planting the UDF.

And after it is run, the UDF pulls down online the malicious program obtainable from hijacked sites onto the contaminated MySQL server. Sometimes the installer even appends one fresh user account onto the PC.

Meanwhile, the majority of contaminated MySQL servers have been identified within China, India, USA, Brazil and Holland.

The task of MySQL server attackers have been eased with the widespread adoption of numerous readily-obtainable security flaws within MySQL along with the easily obtainable hacking toolkits particularly developed for exploiting MySQL server vulnerabilities.

Moreover, since huge volumes of data are exchanged between MySQL servers and other servers on the IT infrastructure of organizations, there's normally an allocation of higher bandwidth for such servers that can thus be abused for executing DDoS assaults of high volume in comparison with IoT devices, home PCs or Web servers.

Hence Gavin O Gorman Security Researcher with Symantec says that organizations mustn't operate their servers using admin rights whenever feasible. Besides they must patch software which utilize SQL servers while utilize best programming practices for decreasing SQL injection flaws. All these will help stop MySQL server assaults, Gorman explains. Fierceitsecurity.com reported this, October 29, 2015.

Lastly, Gorman advises to see if fresh user accounts exist while safely configure remote access utilities.

» SPAMfighter News - 11/2/2015