Following a report on the Australian whirlpool forums, there is a new possible worm in the wild. Similar to ‘Slammer’ and ‘SQLSnake’ in that it targets vulnerable MySQL servers, there is potential for this new worm to wreak havoc.

 SANS Internet Storm Center is suggesting that a rise in port 3306 scans could be a result of this new worm. Apparently the worm creates a file called ‘spoolcll.exe’.

Recommendation:

Until this worm has been identified and a hotfix or solution provided, it is recommended that Admin’s of Windows MySQL systems keep a close eye on their boxes and the above file appearing on their machines.