MySQL Website Compromised; Serves Malware to Visitors

tfs

  • Wow! You guys have been busy beavers. :)
  • Posts: 78
MySQL Website Compromised; Serves Malware to Visitors
« on September 27th, 2011, 11:16 PM »
From SANS NewsBites Vol. 13 Num. 77:

 --MySQL Website Compromised; Serves Malware to Visitors (September 26, 2011)

On Monday, September 26, the MySQL website was compromised and was being
used to serve malware. The attack was discovered about 5 AM PDT; the
site was cleaned up several hours later. The JavaScript code known as
the Black Hole exploit kit attempts to launch a series of known browser
attacks against site visitors. Security journalist Brian Krebs noted
that administrative access to the site was being offered last week on
the hacker underground for US $3,000.

http://www.computerworld.com/s/article/9220295/MySQL.com_hacked_to_serve_malware?taxonomyId=17

http://www.theregister.co.uk/2011/09/26/mysql_hacked/

http://krebsonsecurity.com/2011/09/mysql-com-sold-for-3k-serves-malware/

[Editor's Note (Liston): This is the second time in a year that the
MySQL site has been compromised. The first compromise pegged the
ol' irony-meter by reportedly being the result of SQL-injection.  No
definitive word yet on the root cause of this latest attack.]
"God is dead." -Nietzsche 1883
"Nietzsche is dead." -God 1900

Nao

  • Dadman with a boy
  • Posts: 16,082

Arantor

  • As powerful as possible, as complex as necessary.
  • Posts: 14,278
Re: MySQL Website Compromised; Serves Malware to Visitors
« Reply #2, on September 27th, 2011, 11:31 PM »
Yeah, I'd heard about this; it's not great considering the resources available. I'm not sure it should be taken as ironic that it was an SQL injection - such an element is not a flaw in MySQL itself but a flaw in the application logic higher up.[1]

I doubt this is intentional on Oracle's side; it's not in their interest, because it's not like MySQL isn't making them money.
 1. But it sounds so good. I suspect the editor who wrote that doesn't really know what an SQL injection is.
When we unite against a common enemy that attacks our ethos, it nurtures group solidarity. Trolls are sensational, yes, but we keep everyone honest. | Game Memorial

Nao

  • Dadman with a boy
  • Posts: 16,082
Re: MySQL Website Compromised; Serves Malware to Visitors
« Reply #3, on September 28th, 2011, 12:29 AM »
Apparently this attack is the result of a weak/stolen admin password. No software holes.

Well, with this I learned that the Linux kernel website was hacked and has been down for a long time... Not so inspiring! "Okay, this OS is really insecure... I think I'll be using Windows instead. Never seen the Microsoft website go down!"

Arantor

  • As powerful as possible, as complex as necessary.
  • Posts: 14,278