MySQL hack leads to BlackHole exploit
The MySQL website was hacked last night and a redirect to a malicious domain was added.
According to a blog post by Wayne Huang, CEO of web application company Armorize, the site redirected visitors to a domain hosting the BlackHole pack, which exploits the visitor's browser and plugins to secretly install malware.
Huang said: “The visitor doesn't need to click or agree to anything; simply visiting mysql.com with a vulnerable browsing platform will result in an infection.”
Security blogger Brian Krebs said he was on "a fairly exclusive Russian hacker forum" last week when he stumbled upon a member selling root access to mysql.com.
Krebs said: “The seller, ominously using the nickname ‘sourcec0de’, pointed out that mysql.com is a prime piece of real estate for anyone looking to plant an exploit kit: it boasts nearly 12 million visitors per month, almost 400,000 per day, and is ranked the 649th most-visited site by Alexa.
“He offered to sell remote access to the first person who paid him at least $3,000 via the site's Escrow service, which guarantees that both parties are satisfied with the transaction before releasing the funds.”
Krebs said that with 400,000 users a day, it was possible that 120,000 of them could have been exposed to the exploit kit.
This is not the first time MySQL has been compromised. In March, hackers infected the site and published a list of usernames and passwords online.