I think here is the reason that it only affects Windows machines with MySQL installed.

In linux by default in a lot of distributions being able to connect from network is disabled in mysql, or sets root password as php password, so the risk of that kind of worm (well, for systems that don't have even a basic firewall configured) is pretty low.

I found the answer here.

http://it.slashdot.org/comments.pl?sid=137476&cid=11494137

http://news.zdnet.com/2100-1009_22-5553570.html

The malicious program, known as the "MySQL bot" or by the name of its executable code, SpoolCLL, infects computers running the Microsoft Windows operating system and open-source database known as MySQL, the Internet Storm Center said in an advisory published Thursday. Early indications suggest that more than 8,000 computers may be infected so far, said the group, which monitors network threats.

The worm gets initial access to a database machine by guessing the password of the system administrator, using common passwords. It then uses a flaw in MySQL to run another type of program, known as bot software, which then takes full control of the system.

Is it really a flaw?

The worm gets initial access to a database machine by guessing the password of the system administrator, using common passwords.

How could this be a flaw. It seams to be more of a problem with windows administrators and weak passwords. The flaw involves allowing unsecure services to run wihout doing any sort of hardining or auditing at all. Any system administrator that allows a service to run without any such hardining deserves a worm infestation in my opinion.