
Network World

Alan Shimel

MySQL.Com Website Hacked

Visitors in danger of malware injections

By Alan Shimel on Mon, 09/26/11 - 3:38pm.

Hackers have compromised the MySQL.com website and injected code that infects visitors with malware without their knowledge, according to the security firm Armorize. If you are using an older browser version or have not kept up with Flash and other upgrades, you could be infected while visiting the site, without any pop-ups or anything else warning you that code is being installed on your machine.

I had a chance to speak with Wayne Huang, CEO of Armorize, shortly after his company posted news of this exploit on their blog. Armorize's HackAlert™ routinely scans popular websites on the lookout for malware and other evidence of hacking. Earlier today they started getting alerts when looking at MySQL.com. Closer examination confirmed that someone had been able to insert code into the site. The compromise redirects traffic to a BlackHole exploit pack that leverages the visitor’s browsing platform and force-installs a piece of malware on the visitor’s machine. There is no pop-up window and the visitor does not need to acknowledge or agree to the installation; simply visiting mysql.com with a vulnerable browsing platform will result in an infection.

Here is a YouTube video the Armorize team prepared on this:

Huang's team has already contacted MySQL and their corporate overlords, Oracle. Supposedly the injected code in question has been removed as of now. However, Huang cautions that once hackers gain access, removing the code they left is only the obvious step; they often leave other back doors and booby traps that could still prove dangerous to visitors. I would be careful visiting MySQL.com right now. As you should do all the time, make sure you are using the latest versions of your browser, plug-ins and anti-malware. These attacks are very sophisticated and hard to detect.

The Armorize folks will have a video of the exploit up shortly and already have the code in question highlighted. Huang says that the fact Armorize found this so quickly may have prevented the hackers from perfecting the payload they were looking to deliver. It is not clear at this point which specific malware was going to be injected with this attack. Huang speculates that Armorize finding it this quickly did not give the hackers time to perfect it.

Good work by Armorize picking this up, and another reminder to be careful when on the Internet.

 

About Open Source Fact and Fiction

As co-founder and Managing Partner at The CISO Group, Alan Shimel is responsible for driving the vision and mission of the company. The CISO Group offers security consulting and PCI compliance management for the payment card industry. Prior to The CISO Group, Alan was the Chief Strategy Officer at StillSecure. Shimel was the public persona of StillSecure as it grew from start up to helping defend some of the largest and most sensitive networks in the world.

Shimel is an often-cited personality in the technology community and is a sought-after speaker at industry and government conferences and events. His commentary about the state of security, open source and life is followed closely by many industry insiders via his blog and podcast, "Ashimmy, After All These Years" (www.ashimmy.com). Alan is now also a regular contributor to The CISO Group’s security.exe blog and podcast.

Alan has helped build several successful technology companies by combining a strong business background with a deep knowledge of technology. His legal background, long experience in the field, and New York street smarts combine to form a unique personality.

Disclosure: The CISO Group sells a software-as-a-service PCI compliance application called SAQPro. The company is independent and does not represent any other vendor's products as a reseller.
