Hackers have compromised the MySQL.com website and injected code that infects visitors with malware without their knowledge, according to the security firm Armorize. If you are using an older browser version or have not kept up with Flash and other upgrades, you could be infected while visiting the site without any pop-ups or anything else warning you that code is being installed on your machine.
I had a chance to speak with Wayne Huang, CEO of Armorize, shortly after his company posted news of this exploit on their blog. Armorize's HackAlert™ routinely scans popular websites on the lookout for malware and other evidence of hacking. Earlier today they started getting alerts when looking at MySQL.com. Closer examination confirmed that someone had been able to insert code into the site. The compromise redirects traffic to a BlackHole exploit pack that leverages the visitor’s browsing platform and force-installs a piece of malware on the visitor’s machine. There is no pop-up window and the visitor does not need to acknowledge or agree to the installation; simply visiting mysql.com with a vulnerable browsing platform will result in an infection.
Here is a YouTube video the Armorize team prepared on this:
Huang's team has already contacted MySQL and their corporate overlords, Oracle. Supposedly the injected code in question has been removed as of now. However, Huang cautions that once hackers gain access, removing the code they left is only the obvious step: oftentimes the hackers will leave other back doors and booby traps which could still prove dangerous to visitors. I would be careful visiting MySQL.com right now. As you should do all the time, make sure you are using the latest versions of your browser, plug-ins and anti-malware. These attacks are very sophisticated and hard to detect.
The Armorize folks will have a video of the exploit up shortly and already have the code in question highlighted. Huang says that the fact Armorize found this so quickly may have prevented the hackers from perfecting the payload they were looking to deliver. It is not clear at this point which specific malware was going to be injected with this attack. Huang speculates that Armorize finding it this quickly did not give the hackers time to perfect it.
Good work by Armorize picking this up, and another reminder to be careful when on the Internet.