Symantec discovered malware that targeted MySQL servers to make them conduct distributed denial-of-service (DDoS) attacks against other websites. The attackers initially injected a malicious user-defined function (Downloader.Chikdos) into servers in order to compromise them with the Trojan.Chikdos.A DDoS malware. To protect against these types of attacks, SQL servers should not be run with administrator privileges where possible.
Read more here – http://www.symantec.com/connect/blogs/mysql-servers-hijacked-malware-perform-ddos-attacks