The number one MySql resources website was hacked and injected with a piece of malware that downloaded and installed itself on the victim machine without any interaction required from the user.
A web security outfit has warned that Mysql.com has been hacked and is currently serving malware.
Armorize [sic] said that it has found the hack through its website malware monitoring platform HackAlert. HackAlert also sends us angry emails most days.
Apparently the Mysql.com website is injected with a script that generates an iFrame that redirects the visitors to “http://truruhfhqnviaosdpruejeslsuy.cx.cc/main.php“. There, the BlackHole exploit pack is hosted which tinkers with the visitor’s browser.
It permanently installs a piece of malware into the visitor’s machine, without the visitor’s knowledge, and the the visitor doesn’t need to click or agree to anything.
The malware is unknown but only nine percent of anti-virus software can block it.
The domain reached through the iFrame is registered to Christopher J Klein from Miami and is located in Berlin, Germany. The domain serving the exploit and the malware is located in Stockholm, Sweden.
The hack might be connected to something that Trend Micro researchers noticed recently.
They said that they discovered a denizen of a Russian underground forum selling root access to some of the cluster servers of mysql.com and its subdomains, asking at least $3,000 for each access, and that they have notified mysql.com administrators of the discovery a week ago.