Members
  • Total Members: 14197
  • Latest: Levine
Stats
  • Total Posts: 43438
  • Total Topics: 16532
  • Online today: 3056
  • Online ever: 51419
  • (01. January 2010., 10:27:49)
Users Online
Users: 3
Guests: 2925
Total: 2928









Author Topic: Blackhole exploit hack Mysql.com, second time in this Year  (Read 3242 times)

0 Members and 1 Guest are viewing this topic.

Samker

  • SCF Administrator
  • *****
  • Posts: 7529
  • KARMA: 322
  • Gender: Male
  • Whatever doesn't kill us makes us stronger.
    • SCforum.info - Samker's Computer Forum
Blackhole exploit hack Mysql.com, second time in this Year
« on: 27. September 2011., 14:52:29 »


UNIDENTIFIED ATTACKERS have compromised Mysql.com, home to one of the world's most popular database engines, and launched a drive-by download attack against the web site's visitors.

According to researchers from web security firm Armorize, who detected the attack, the hackers managed to inject rogue Javascript code into one of the web site's legitimate .js files.

The malicious code redirected visitors through a third-party domain and landed them on a web page that was part of a Blackhole exploit pack installation.

Blackhole is a web crimeware toolkit used for drive-by download attacks. It exploits vulnerabilities in older versions of web browsers, operating systems and web plug-ins, like Flash Player, Adobe Reader or Java.

"It exploits the visitor's browsing platform [...], and upon successful exploitation, permanently installs a piece of malware into the visitor's machine, without the visitor's knowledge," warned Armorize's co-founder and CEO Wayne Huang: http://blog.armorize.com/2011/09/mysqlcom-hacked-infecting-visitors-with.html

"The visitor doesn't need to click or agree to anything; simply visiting mysql.com with a vulnerable browsing platform will result in an infection," he added.

The malicious code has been cleaned from the web site since Armorize's initial report, but it's estimated that it stayed live for around seven hours.

Given that Mysql.com is a very popular web site, ranking 637 on Alexa, and that the antivirus detection rate for the malware is still low at the time of writing this article, the total number of victims could be significant.

It's not clear what method the attackers used to compromise the web site, but security blogger Brian Krebs reports that root access to the server was advertised for $3,000 on a Russian underground forum almost a week ago: http://krebsonsecurity.com/2011/09/mysql-com-sold-for-3k-serves-malware/

The seller, who posted screenshots of what looked like a root login prompt, pointed out that the access could be used to plant a web exploit toolkit.

This is the second security breach registered on Mysql.com this year. Back in March, a hacker exploited an SQL injection vulnerability to obtain access to the web site's database.

(INQUIRER)

Samker's Computer Forum - SCforum.info

Blackhole exploit hack Mysql.com, second time in this Year
« on: 27. September 2011., 14:52:29 »

 

With Quick-Reply you can write a post when viewing a topic without loading a new page. You can still use bulletin board code and smileys as you would in a normal post.

Name: Email:
Verification:
Type the letters shown in the picture
Listen to the letters / Request another image
Type the letters shown in the picture:
Second Anti-Bot trap, type or simply copy-paste below (only the red letters):www.codekids.ba:

Enter your email address to receive daily email with 'SCforum.info - Samker's Computer Forum' newest content:

Kursevi programiranja za ucenike u Sarajevu

Terms of Use | Privacy Policy | Advertising
TinyPortal 2.3.1 © 2005-2023