Wednesday, April 30, 2025
HomeCyber Security NewsDdostf DDoS Malware Attacking MySQL Servers in Windows Environments

Ddostf DDoS Malware Attacking MySQL Servers in Windows Environments

Published on

SIEM as a Service

Follow Us on Google News

Researchers found that vulnerable MySQL servers are being deployed with the Ddostf DDoS bot, which is capable of launching Distributed Denial of Service (DDoS) attacks.

Ddostf, which was first identified around 2016, is well-known for supporting both Windows and Linux platforms and is believed to have been built in China.

As such, attacks targeting MySQL servers operating in Windows environments are continuously being discovered, according to the AhnLab Security Emergency Response Center.

- Advertisement - Google News

Previous analysis indicates that Gh0st RAT and AsyncRAT malware variants account for most malware strains targeting susceptible MySQL servers.

Ddostf DDoS Bot Malware Attacking MySQL Servers

Ddostf has an ELF format that can be used in Linux environments and a PE format that can be used in Windows environments.  

Ddostf DDoS bot being installed via MySQL service
Ddostf DDoS bot being installed via MySQL service

The inclusion of the “ddos.tf” string in Ddostf’s binary is a distinguishing feature. Before registering as a service, Ddostf copies itself in the %SystemRoot% directory under a random name when it is executed.

When it first connects, it gathers the most basic data from the compromised device and transmits it to the C&C server, reads the report.

Document
Protect Your Storage With SafeGuard

Is Your Storage & Backup Systems Fully Protected? – Watch 40-second Tour of SafeGuard

StorageGuard scans, detects, and fixes security misconfigurations and vulnerabilities across hundreds of storage and backup devices.

The C&C server responds with data in addition to commands when it receives information from the compromised system. It contains the download URL, for instance, in the case of specific DDoS attack methods or download commands.

System information sent to the C&C server
System information sent to the C&C server

SYN Flood, UDP Flood, and HTTP GET/POST Flood attacks are just a few of the techniques used in internal DDoS attacks.

Further, Ddostf is unique in that it can establish a connection to a newly obtained address from the C&C server and run commands there for a certain amount of time.

This suggests that the threat actor Ddostf can infect a large number of systems and subsequently sell DDoS attacks as a service.

Dictionary and Brute Force AttacksServers

Generally, threat actors will use scans to find possible targets for their attacks. Scanners look for systems that use the 3306/TCP port, which is used by MySQL servers, among the systems that are publicly accessible.

Threat actors can then target the system using dictionary or brute-force attacks.

If the system manages user credentials improperly, threat actors may be able to get administrator account credentials.

Additionally, if the system is running an unpatched version with vulnerabilities, threat actors may be able to make use of these vulnerabilities.

Recommendation

  • Administrators should set strong passwords for their accounts and reset them regularly.
  • Applying the most recent fixes will also help to avoid vulnerability attacks.
  • Use security programs such as firewalls for externally accessible database servers.

Patch Manager Plus, the one-stop solution for automated updates of over 850 third-party applications: Try Free Trial.

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Researchers Uncover SuperShell Payloads and Various Tools in Hacker’s Open Directories

Cybersecurity researchers at Hunt have uncovered a server hosting advanced malicious tools, including SuperShell...

Cyber Espionage Campaign Targets Uyghur Exiles with Trojanized Language Software

A sophisticated cyberattack targeted senior members of the World Uyghur Congress (WUC), the largest...

Konni APT Deploys Multi-Stage Malware in Targeted Organizational Attacks

A sophisticated multi-stage malware campaign, potentially orchestrated by the North Korean Konni Advanced Persistent...

Outlaw Cybergang Launches Global Attacks on Linux Environments with New Malware

The Outlaw cybergang, also known as “Dota,” has intensified its global assault on Linux...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

Researchers Uncover SuperShell Payloads and Various Tools in Hacker’s Open Directories

Cybersecurity researchers at Hunt have uncovered a server hosting advanced malicious tools, including SuperShell...

Cyber Espionage Campaign Targets Uyghur Exiles with Trojanized Language Software

A sophisticated cyberattack targeted senior members of the World Uyghur Congress (WUC), the largest...

Konni APT Deploys Multi-Stage Malware in Targeted Organizational Attacks

A sophisticated multi-stage malware campaign, potentially orchestrated by the North Korean Konni Advanced Persistent...