The high-profile MySQL.com web site was hacked and rigged to redirect users to malware-laden sites, according to warnings from security researchers.
The attack, spotted by researchers at Armorize, follows word at Russian underground forums that root access to MySQL.com was being sold for US$3,000.
The hacker selling access to MySQL.com boasts that the site attracts about 12 million users per month (39,000 per day).
The malware infection, done via iFrame redirection, was active for most of Monday morning but by 3:00PM Eastern, the site appeared to be cleaned.
Armorize researchers found a multi-step site redirection was being used to push MySQL.com visitors to a domain hosting the notorious BlackHole exploit back.
It exploits the visitor's browsing platform (the browser, the browser plugins like Adobe Flash, Adobe PDF, etc, Java, ...), and upon successful exploitation, permanently installs a piece of malware into the visitor's machine, without the visitor's knowledge. The visitor doesn't need to click or agree to anything; simply visiting mysql.com with a vulnerable browsing platform will result in an infection.
The BlackHole exploit kit, available to cyber-criminals for a $1,500 annual licensing fee, is typically used to infect site visitors via drive-by downloads.