October 28, 2016

MySQL.com Hacked To Serve Up Malware

(LiveHacking.Com) – MySQL.com was hacked yesterday to redirect users to a site that downloaded and executed malicious code on the visitor’s Windows computer without any user interaction. The site has since been cleaned up and is now working normally.

According to Armorize, who first reported the problem, the hack used a combination of JavaScript and iframes to send the user to truruhfhqnviaosdpruejeslsuy.cx.cc, a domain specifically created to spread the malware. From there the hacker used the BlackHole Toolkit to infect the visitor’s Windows PC with malware without the visitor’s knowledge. The visitor doesn’t need to click or agree to anything; simply visiting mysql.com with a vulnerable browsing platform resulted in an infection.
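As an added example (not from Armorize's report or from MySQL.com), the following sketch shows one way a site owner could check served HTML for the kind of injection described above: it lists every `<script>` and `<iframe>` source whose host is not on an allowlist. The domain names, the allowlist and the sample page are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class SourceCollector(HTMLParser):
    """Collect (tag, absolute URL) for every <script> and <iframe> with a src."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "iframe"):
            src = dict(attrs).get("src")
            if src:
                # urljoin resolves relative and protocol-relative (//host/x) URLs.
                self.sources.append((tag, urljoin(self.page_url, src.strip())))


def host_allowed(host, allowed):
    """True if host equals an allowed domain or is a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == a or host.endswith("." + a) for a in allowed)


def unexpected_sources(html, page_url, allowed):
    """Return (tag, host, url) for each script/iframe loaded from an unlisted host."""
    collector = SourceCollector(page_url)
    collector.feed(html)
    collector.close()
    findings = []
    for tag, url in collector.sources:
        host = urlsplit(url).hostname or ""
        if not host_allowed(host, allowed):
            findings.append((tag, host, url))
    return findings


# Constructed sample page and allowlist (hypothetical names, not from the incident).
PAGE_URL = "http://www.site.example/index.html"
ALLOWED = {"site.example", "allowed.example"}
SAMPLE_HTML = """<html><head>
<script src="/js/site.js"></script>
<script src="//cdn.allowed.example/lib.js"></script>
<script src="http://injected.example/loader.js"></script>
</head><body>
<iframe src="http://redirector.injected.example/in.html"></iframe>
</body></html>"""

if __name__ == "__main__":
    for finding in unexpected_sources(SAMPLE_HTML, PAGE_URL, ALLOWED):
        print(finding)
```

This is a static check of the served markup; an iframe that a script writes into the page at run time only appears in the rendered DOM, so the external script source is what this check would surface in that case.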

The BlackHole Toolkit attempts to exploit a large number of weaknesses on the visitor’s computer, including the browser and browser plugins such as Adobe Flash, Adobe PDF, Java, etc. A visitor with an out-of-date browser, or one exposed to any unknown (zero-day) exploit, can be infected by the toolkit.

It is estimated that MySQL.com receives almost 12 million visitors a month (nearly 400,000 a day), meaning that there was a large number of potential victims whilst the site was infected.

MySQL.com was also attacked in March, when hackers “TinKode” and “NeOh” took credit for exploiting a SQL injection flaw. As a result they posted a list of usernames and passwords online.