Posted by: Samker
« on: 27. September 2011., 14:52:29 »
UNIDENTIFIED ATTACKERS have compromised Mysql.com, home to one of the world's most popular database engines, and launched a drive-by download attack against the web site's visitors.
According to researchers from web security firm Armorize, who detected the attack, the hackers managed to inject rogue JavaScript code into one of the web site's legitimate .js files.
The malicious code redirected visitors through a third-party domain and landed them on a web page that was part of a Blackhole exploit pack installation.
Blackhole is a web crimeware toolkit used for drive-by download attacks. It exploits vulnerabilities in older versions of web browsers, operating systems and web plug-ins, like Flash Player, Adobe Reader or Java.
"It exploits the visitor's browsing platform [...], and upon successful exploitation, permanently installs a piece of malware into the visitor's machine, without the visitor's knowledge," warned Armorize's co-founder and CEO Wayne Huang: http://blog.armorize.com/2011/09/mysqlcom-hacked-infecting-visitors-with.html
"The visitor doesn't need to click or agree to anything; simply visiting mysql.com with a vulnerable browsing platform will result in an infection," he added.
The malicious code has been cleaned from the web site since Armorize's initial report, but it's estimated that it stayed live for around seven hours.
Given that Mysql.com is a very popular web site, ranking 637 on Alexa, and that the antivirus detection rate for the malware is still low at the time of writing this article, the total number of victims could be significant.
It's not clear what method the attackers used to compromise the web site, but security blogger Brian Krebs reports that root access to the server was advertised for $3,000 on a Russian underground forum almost a week ago: http://krebsonsecurity.com/2011/09/mysql-com-sold-for-3k-serves-malware/
The seller, who posted screenshots of what looked like a root login prompt, pointed out that the access could be used to plant a web exploit toolkit.
This is the second security breach registered on Mysql.com this year. Back in March, a hacker exploited an SQL injection vulnerability to obtain access to the web site's database.
(INQUIRER)