September 26, 2011

MySQL.com hacked to distribute malware

Hackers on Monday compromised MySQL.com, the official website for the popular open-source MySQL database, to distribute malware to visitors, according to security researchers.

The hack caused those who visited the site on Monday morning to be redirected to a domain that attempted to install malware on their machines via the Black Hole exploit pack, Wayne Huang, CEO of web application firm Armorize, said in a blog post Monday. The site appeared to be cleaned by 3 p.m. EST, according to reports.

The Black Hole pack attempted to launch a number of exploits against users' browsers and plug-ins, such as Adobe Flash and Java. If successful, users' machines silently were hit with malware, which was detected early Monday by just over 10 percent of the most widely used anti-virus programs.

“The visitor doesn't need to click or agree to anything," Huang wrote while the attack was still active. "Simply visiting MySQL.com with a vulnerable browsing platform will result in an infection."

Oracle, which owns MySQL, did not immediately respond Monday when contacted by SCMagazineUS.com.

This is not the first time MySQL.com has been compromised. In March, hackers infected the site via SQL injection and published a list of usernames and passwords online.

Related Articles
Related Topics
Related Links

Sign up to our newsletters

More in News

House Intelligence Committee OKs amended version of controversial CISPA

Despite the 18-to-2 vote in favor of the bill proposal, privacy advocates likely will not be satisfied, considering two key amendments reportedly were shot down.

Judge rules hospital can ask ISP for help in ID'ing alleged hackers

The case stems from two incidents where at least one individual is accused of accessing the hospital's network to spread "defamatory" messages to employees.

Three LulzSec members plead guilty in London

Ryan Ackroyd, 26; Jake Davis, 20; and Mustafa al-Bassam, 18, who was not named until now because of his age, all admitted their involvement in the hacktivist gang's attack spree.