Wedge
Topic started by: tfs on September 27th, 2011, 11:16 PM
-
From SANS NewsBites Vol. 13 Num. 77:
--MySQL Website Compromised; Serves Malware to Visitors (September 26, 2011)
On Monday, September 26, the MySQL website was compromised and was being
used to serve malware. The attack was discovered about 5 AM PDT; the
site was cleaned up several hours later. The JavaScript code known as
the Black Hole exploit kit attempts to launch a series of known browser
attacks against site visitors. Security journalist Brian Krebs noted
that administrative access to the site was being offered last week on
the hacker underground for US $3,000.
http://www.computerworld.com/s/article/9220295/MySQL.com_hacked_to_serve_malware?taxonomyId=17
http://www.theregister.co.uk/2011/09/26/mysql_hacked/
http://krebsonsecurity.com/2011/09/mysql-com-sold-for-3k-serves-malware/
[Editor's Note (Liston): This is the second time in a year that the
MySQL site has been compromised. The first compromise pegged the
ol' irony-meter by reportedly being the result of SQL-injection. No
definitive word yet on the root cause of this latest attack.]
-
Maybe it's Oracle doing this to themselves to encourage people to upgrade to Oracle DB? :P
-
Yeah, I'd heard about this; it's not great considering the resources available. I'm not sure it should be taken as ironic that it was an SQL injection - such an element is not a flaw in MySQL itself but a flaw in the application logic higher up.
I doubt this is intentional on Oracle's side; it's not in their interest, because it's not like MySQL isn't making them money.
-
Apparently this attack is the result of a weak/stolen admin password. No software holes.
Well, with this I learned that the Linux kernel website was hacked and has been down for a long time... Not so inspiring! "Okay, this OS is really insecure... I think I'll be using Windows instead. Never seen the Microsoft website go down!"
-
And in the Linux.org case it was done through the human element being compromised rather than the technical element.