Mysql.com hacked, serving malware

Help Net Security, September 26, 2011

Mysql.com has been hacked and is currently serving malware, Armorize warns. The company has detected the compromise through its website malware monitoring platform HackAlert, and has analyzed how the compromise of the site’s visitors unfolds. The mysql.com website is injected with a script that generates an iFrame that redirects the visitors to http://truruhfhqnviaosdpruejeslsuy.cx.cc/main.php, where the BlackHole exploit pack is hosted.  “It exploits the visitor’s browsing platform (the browser, the browser plugins like Adobe Flash, Adobe PDF, etc, Java, …), and upon successful exploitation, permanently installs a piece of malware into the visitor’s machine, without the visitor’s knowledge,” say the researchers. “The visitor doesn’t need to click or agree to anything; simply visiting mysql.com with a vulnerable browsing platform will result in an infection.” What type of malware is served is still unknown, but the worrying thing is that currently only 9 percent of the AV solutions used by VirusTotal block it. http://www.net-security.org/malware_news.php?id=1853&utm_source=twitterfeed&utm_medium=twitter&utm_campaign=Feed%3A+HelpNetSecurity+%28Help+Net+Security%29

Advertisements
  1. Leave a comment

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: