MySQL.com hacked, redirects users to malware-laden sites

MySQL.com hacked, redirects users to malware-laden sites

Summary: The attack follows word at Russian underground forums that root access to MySQL.com was being sold for US$3,000.

SHARE:

The high-profile MySQL.com web site was hacked and rigged to redirect users to malware-laden sites, according to warnings from security researchers.

The attack, spotted by researchers at Armorize, follows word at Russian underground forums that root access to MySQL.com was being sold for US$3,000.

The hacker selling access to MySQL.com boasts that the site attracts about 12 million users per month (39,000 per day).

The malware infection, done via iFrame redirection, was active for most of Monday morning but by 3:00PM Eastern, the site appeared to be cleaned.

Armorize researchers found a multi-step site redirection was being used to push MySQL.com visitors to a domain hosting the notorious BlackHole exploit back.follow Ryan Naraine on twitter

It exploits the visitor's browsing platform (the browser, the browser plugins like Adobe Flash, Adobe PDF, etc, Java, ...), and upon successful exploitation, permanently installs a piece of malware into the visitor's machine, without the visitor's knowledge. The visitor doesn't need to click or agree to anything; simply visiting mysql.com with a vulnerable browsing platform will result in an infection.

The BlackHole exploit kit, available to cyber-criminals for a $1,500 annual licensing fee, is typically used to infect site visitors via drive-by downloads.

Topics: Browser, Data Centers, Data Management, Enterprise Software, Open Source, Software, Software Development

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

12 comments
Log in or register to join the discussion
  • RE: MySQL.com hacked, redirects users to malware-laden sites

    Sorry, but this can't possibly be true, for several reasons:
    1) Linux, we're constantly being told, is the world's safest OS
    2) Linux is OSS so everyone can and has read every line of code and identified and eliminated every attack vector
    3) DTS stakes his reputation on the above, so Linux MUST be entirely impregnible.

    Right?

    Right.
    bitcrazed
    • RE: MySQL.com hacked, redirects users to malware-laden sites

      @bitcrazed
      +1
      ;)
      William Farrell
    • And when it turns out the site was hacked by someone

      guessing a weak password?...
      baggins_z
      • RE: MySQL.com hacked, redirects users to malware-laden sites

        @baggins_z - It'll just go to show that NO platform is immune to wetware-hacking. Not only, that, but EVERY platform has multiple attack vectors which can, when combined, bring a site/network/system to its knees in minutes.

        The Linux.org and now the MySql.org sites falling within days of one another proves once and for all that Linux is not immune to the malicious b@$tards out there.

        I stake my reputation on it ;)
        bitcrazed
      • RE: MySQL.com hacked, redirects users to malware-laden sites

        @bitcrazed

        You have some inside information that shows both Linux.org and Mysql.org were hacked via the OS and not the web sites. Didnt think so.
        daikon
    • RE: MySQL.com hacked, redirects users to malware-laden sites

      @bitcrazed
      You have either failed to read the article or just trolling. I say trolling. At the time of article Web site was hacked.

      Yet you have nothing to show the OS was hacked right?
      Right
      DTS staked his reputation on Ubuntu, was mysql.com running Ubuntu, No.
      daikon
      • RE: MySQL.com hacked, redirects users to malware-laden sites

        @daikon

        Well if the root access was for sell on russian forum, it means the OS was probably hacked.I doubt MySql team where dumb to the point to leave their root access password on their web directory.
        SylvainT
    • RE: MySQL.com hacked, redirects users to malware-laden sites

      @bitcrazed

      Hehe, good one
      SylvainT
  • Microsoft behind it!!

    Let me be the 1st to point out the obvious for die hard FOSS fans.
    LBiege
  • RE: MySQL.com hacked, redirects users to malware-laden sites

    From the article:
    "The malware infection, done via iFrame redirection ...

    Jeez, iFrames are nasty. Disable the thing and use it ONLY when you must.
    Rabid Howler Monkey
  • RE: MySQL.com hacked, redirects users to malware-laden sites

    That'll put a dent in Oracle's plans
    hubivedder
  • The Funny Thing, Of Course...

    ...is that all the malware was WINDOWS-specific malware! Linux users would simply have viewed the rogue site with bemusement.
    ldo17