Slashdot Mirror

← Back to Stories (view on slashdot.org)

Mysql.com Hacked, Made To Serve Malware

Posted by Soulskill on Monday September 26, 2011 @10:52AM from the high-profile-problems dept.

Orome1 writes "Mysql.com was compromised today, redirecting visitors to a page serving malware. Security firm Armorize detected the compromise through its website malware monitoring platform HackAlert, and has analyzed how the compromise of the site's visitors unfolded. The mysql.com website was injected with a script that generates an iFrame redirecting the visitors to a page where the BlackHole exploit pack is hosted." According to Brian Krebs, the exploit used to compromise the site was being shopped around last week for $3,000.

3 of 81 comments (clear)

Min score:

Reason:

Sort:

Already Fixed by InvisibleSoul · 2011-09-26 11:02 · Score: 3, Informative

http://www.pcworld.com/businesscenter/article/240609/mysqlcom_hacked_to_serve_malware.html Article says the site was already fixed as of 11am PST.
Re:Watch the video on the page, informative by mclearn · 2011-09-26 11:28 · Score: 4, Informative

I believe it was a multi-tiered attack in that Java, Flash, and PDF exploits were all tried. What is shown in the video is that the Java attack was successful.
Nobody said MySQL was cracked by MacGyver2210 · 2011-09-26 11:59 · Score: 3, Informative

Someone was shopping around the exploit used to hack the company's website - I am sure it had little to do with MySQL software unless it was an injection that got them access to change the site.

--
If the only way you can accept an assertion is by faith, then you are conceding that it can't be taken on its own merits