Jump to content

MySQL Way Beyond Hacked


Dan
 Share

Recommended Posts

Mysql.com
has been hacked and is currently serving malware, Armorize warns.

 

The company has detected the compromise through its website malware monitoring platform HackAlert, and has analyzed how the compromise of the site's visitors unfolds.

 

The mysql.com website is injected with a script that generates an iFrame that redirects the visitors tohttp://truruhfhqnviaosdpruejeslsuy.cx.cc/main.php, where the BlackHole exploit pack is hosted.

 

"It exploits the visitor's browsing platform (the browser, the browser plugins like Adobe Flash, Adobe PDF, etc, Java, ...), and upon successful exploitation, permanently installs a piece of malware into the visitor's machine, without the visitor's knowledge," say the researchers. "The visitor doesn't need to click or agree to anything; simply visiting mysql.com with a vulnerable browsing platform will result in an infection."

 

What type of malware is served is still unknown, but the worrying thing is that currently only 9 percent of the AV solutions used by VirusTotal block it.

 

It is, of course, impossible to say who the attackers are. The domain reached through the iFrame is registered to one Christopher J Klein from Miami and is located in Berlin, Germany. The domain serving the exploit and the malware is located in Stockholm, Sweden.

 

The administrators of the mysql.com domain are being contacted, but the site is still up and compromised, say the researchers.

 

Read More....

Link to comment
Share on other sites

  • Replies 1
  • Created
  • Last Reply

Top Posters In This Topic

Top Posters In This Topic

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share




×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.