MySQL.com compromised spreading malware

Published: 2011-09-26
Last Updated: 2011-09-26 21:50:32 UTC
by Jason Lam (Version: 1)
6 comment(s)

MySQL.com have been compromised and spreading malware. This was first spotted by the folks over at Amorize. Looks like there is a piece of Javascript on mysql.com containing some obfuscated iframe link which in turn link the user to the malicious content - Blackhole exploit kit. A torrent of exploits then hit the user's browser, PDF component, Java..

The issues had now been cleaned up on mysql.com but no further words on the scope of the compromise. It also appears to be the second time this year. In the last incident, SQL injection was used to gain access to the information on the site.

 

Keywords: compromised
6 comment(s)

Comments

I particularly like how Oracle hasn't put a single mention of what happened on the site. Not on the home page and not in the news section.

This total denial through silence is getting to be too common.
I agree with Oracle, why glorify the incident to those that hacked the site.
On the other hand, why bother warning the middle- and upper-management types who might want to browse mysql.com to find out what that MySQL thingy those IT types are always on about around the water cooler?
What about all of the people who visit the site and may be infected? The ethical thing to do is let everyone know what happened and when so if they had visited the site during that time they can make sure their system hasn't been comprised.
This is a very dangerous break-in considering that the people visiting the site might be SQL administrators for various companies and organizations. It wouldn't take much for a rogue keylogger on a SQL administrator's machine to do damage to a companies internal data security.
This has nothing to do with "glorifying the incident." It has to do with Oracle ignoring or minimizing the risk they cause. It's no different than when they modify the CVSS scores with their own formula just to lower the risk number.

Diary Archives