MySQL Website Infected

According to the report of some Internet security outfit, the Mysql.com website has recently been hacked. They warn everyone that the site is currently serving malware.

30488328.jpg


Security outfit Armorize announced that they have found the intrusion through its site malware monitoring platform known as HackAlert. The latter also sends the Internet users angry emails most days.

It seems that the Mysql.com website has been injected with some script generating an iFrame, which redirects the Internet users to a jaw-breaker “http://truruhfhqnviaosdpruejeslsuy.cx.cc/main.php”. Once you get there, your browser will be tinkered by the BlackHole exploit pack, which is hosted at the abovementioned link. This wonderful pack permanently installs a piece of malware into your computer, and you won’t even notice the action. The matter is that the installation package doesn’t require you to click or agree to anything, so the malware will be integrated into your machine without your knowledge.

Since this kind of malware is still unknown for the most of the security labs, only 9% of anti-virus applications are able to detect and block it. You can imagine the number of the computers that will potentially be infected, turning out to be among the rest 91% of unprotected machines.

Meanwhile, the domain name you reach through the iFrame is located in Germany, but registered to Christopher J Klein from Miami. Meanwhile, the domain that distributes the exploit pack and the malware resides in Stockholm, Sweden.

The security experts are already investigating the problem. For example, Sucuri Security researchers have found out that the website has been compromised via JavaScript malware. In its turn, the malware infects online service via a compromised desktop. In addition, it is able to steal any stored password from the FTP client in order to use that to launch a cyber attack on the website.

Other security experts point out that this hack might be connected to the fact revealed recently by Trend Micro researchers, who announced to discover a denizen of some Russian underground forum engaged into selling root access to a number of the cluster servers of mysql.com, along with its subdomains. The guys ask at least $3,000 for each access. The security company admitted it has notified mysql.com admins of this fact more than a week ago. 

No comments