/>
X

MySQL.com hacked, redirects users to malware-laden sites

The attack follows word at Russian underground forums that root access to MySQL.com was being sold for US$3,000.
ryan-naraine.jpg
Written by Ryan Naraine, Contributor on
The high-profile MySQL.com web site was hacked and rigged to redirect users to malware-laden sites, according to warnings from security researchers.

The attack, spotted by researchers at Armorize, follows word at Russian underground forums that root access to MySQL.com was being sold for US$3,000.

The hacker selling access to MySQL.com boasts that the site attracts about 12 million users per month (39,000 per day).

The malware infection, done via iFrame redirection, was active for most of Monday morning but by 3:00PM Eastern, the site appeared to be cleaned.

Armorize researchers found a multi-step site redirection was being used to push MySQL.com visitors to a domain hosting the notorious BlackHole exploit back.

It exploits the visitor's browsing platform (the browser, the browser plugins like Adobe Flash, Adobe PDF, etc, Java, ...), and upon successful exploitation, permanently installs a piece of malware into the visitor's machine, without the visitor's knowledge. The visitor doesn't need to click or agree to anything; simply visiting mysql.com with a vulnerable browsing platform will result in an infection.

The BlackHole exploit kit, available to cyber-criminals for a $1,500 annual licensing fee, is typically used to infect site visitors via drive-by downloads.

Related

Are you ready for the worst Economy Class airline seats in the world?
airline-seats.jpg

Are you ready for the worst Economy Class airline seats in the world?

Business
Microsoft Azure-certified roles are well-paid, and you can study for certification for $39
replace-this-image.jpg

Microsoft Azure-certified roles are well-paid, and you can study for certification for $39

Deals
Here's how Apple tells if you've dropped your iPhone into water
Liquid Contact Indicator stickers

Here's how Apple tells if you've dropped your iPhone into water

iPhone