If you’re running a MySQL server on Windows, ensure that you have a rock-solid, hard-to-crack root password or, smarter yet, turn off remote root access. The Internet Storm Center logs a nasty bot that’s taking over Windows machines (an easy task, let’s admit it) using MySQL servers with weak root passwords.
Like any application exposed to the internet, it’s wise to disable the standard built-in user name and/or beef up the passwords to ones very difficult to crack.