MySQL hack leads to BlackHole exploit

News by Angela Moscoritolo

The MySQL website was hacked last night with a redirect to a malicious domain added.

The MySQL website was hacked last night with a redirect to a malicious domain added.

According to a blog post by Wayne Huang, CEO of web application company Armorize, it redirected to a domain hosting the BlackHole pack that exploits the visitor's browser and plugins to secretly install malware.

Huang said: “The visitor doesn't need to click or agree to anything; simply visiting with a vulnerable browsing platform will result in an infection.”

According to security blogger Brian Krebs, he was on "a fairly exclusive Russian hacker forum" last week and stumbled upon a member selling root access to

Krebs said: “The seller, ominously using the nickname ‘sourcec0de', pointed out that is a prime piece of real estate for anyone looking to plant an exploit kit: it boasts nearly 12 million visitors per month, almost 400,000 per day, and is ranked the 649th most-visited site by Alexa.

“He offered to sell remote access to the first person who paid him at least $3,000 via the site's Escrow service, which guarantees that both parties are satisfied with the transaction before releasing the funds.”

Krebs said that with 400,000 users a day, it was possible that 120,000 of them could have been exposed to the exploit kit.

This is not the first time MySQL has been compromised. In March, hackers infected the site and published a list of usernames and passwords online.


Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews

Interview - Everyone has an Achilles heel: The new security paradigm

How can we defend networks now that the perimeter has all but disappeared?
Brought to you in partnership with ExtraHop