Windows is under attack. Systems operating with installations of MySQL database engine and Windows are accompanied by no-holds barred infections at the rate of 100 per minute when connected to the Internet.

The new backdoor program, named Forbot or Wootbot, infects by exploiting machines using any one of numerous MySQL applications. This is a real threat to the Internet community because MySQL is worldwide popular open source software, currently installed on more than 8 million systems. It is capable of providing extremely fast access to stored data and is arguably the most popular alternative to closed source SQL software produced by Microsoft.

Hackers have launched this attack against default Windows MySQL installations by manipulating the publicly released "MySQL UDF Dynamic Library Exploit" and administrator accounts with weak or nonexistent passwords, cracking accounts by trying values from a predefined list of around 1,000 passwords.

Infected systems them connect to an Internet Relay Chat server and propagate. According to Johannes Ullrich, chief technology officer at the SANS Internet Storm Center, more than 8,000 hosts were connected to the IRC server during the day on Thursday, one day after the onslaught began. He told eWeek.com that it is likely that even more infections have occurred but remain invisible due to the overwhelmed IRC server.

The SANS ISC recommends that administrators fortify their accounts by selecting a stronger password for their “root” account and by restricting remote access to the root account, as well as by using a competent firewall to close direct access to the Internet through port 3306.