MySQL site hacked: Serves up malware in a white wine sauce

The number one MySQL resources website was hacked and injected with a piece of malware that downloaded and installed itself on the victim's machine without any interaction required from the user.

A web security outfit has warned that Mysql.com has been hacked and is currently serving malware.

Armorize [sic] said that it has found the hack through its website malware monitoring platform HackAlert. HackAlert also sends us angry emails most days.


Apparently the Mysql.com website has been injected with a script that generates an iFrame, which redirects visitors to “http://truruhfhqnviaosdpruejeslsuy.cx.cc/main.php“. The BlackHole exploit pack is hosted there, and it tinkers with the visitor’s browser.

It permanently installs a piece of malware on the visitor’s machine without the visitor’s knowledge, and the visitor doesn’t need to click or agree to anything.

The malware is unknown but only nine percent of anti-virus software can block it.

The domain reached through the iFrame is registered to Christopher J Klein from Miami and is located in Berlin, Germany. The domain serving the exploit and the malware is located in Stockholm, Sweden.

Writing from the bog, Sucuri Security researchers claim that the site has been compromised via JavaScript malware. This infects a website through a compromised desktop: it can steal any stored password from the FTP client and use that to attack the site.

The hack might be connected to something that Trend Micro researchers noticed recently.

They said that they discovered a denizen of a Russian underground forum selling root access to some of the cluster servers of mysql.com and its subdomains, asking at least $3,000 for each access, and that they notified mysql.com administrators of the discovery a week ago.