Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: MySQL.com compromised spreading malware SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms: https://isctv.sans.edu

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
MySQL.com compromised spreading malware

MySQL.com have been compromised and spreading malware. This was first spotted by the folks over at Amorize. Looks like there is a piece of Javascript on mysql.com containing some obfuscated iframe link which in turn link the user to the malicious content - Blackhole exploit kit. A torrent of exploits then hit the user's browser, PDF component, Java..

The issues had now been cleaned up on mysql.com but no further words on the scope of the compromise. It also appears to be the second time this year. In the last incident, SQL injection was used to gain access to the information on the site.

 

 Jason

93 Posts
ISC Handler
Subscribe Sep 26th 2011
8 years ago
I particularly like how Oracle hasn't put a single mention of what happened on the site. Not on the home page and not in the news section.

This total denial through silence is getting to be too common.
 Anonymous
Quote Sep 27th 2011
8 years ago
I agree with Oracle, why glorify the incident to those that hacked the site.
 Anonymous
Quote Sep 27th 2011
8 years ago
On the other hand, why bother warning the middle- and upper-management types who might want to browse mysql.com to find out what that MySQL thingy those IT types are always on about around the water cooler?
 No Love.

37 Posts
Quote Sep 27th 2011
8 years ago
What about all of the people who visit the site and may be infected? The ethical thing to do is let everyone know what happened and when so if they had visited the site during that time they can make sure their system hasn't been comprised.
 Anonymous
Quote Sep 27th 2011
8 years ago
This is a very dangerous break-in considering that the people visiting the site might be SQL administrators for various companies and organizations. It wouldn't take much for a rogue keylogger on a SQL administrator's machine to do damage to a companies internal data security.
Robert

1 Posts
Quote Sep 27th 2011
8 years ago
This has nothing to do with "glorifying the incident." It has to do with Oracle ignoring or minimizing the risk they cause. It's no different than when they modify the CVSS scores with their own formula just to lower the risk number.
 Anonymous
Quote Sep 27th 2011
8 years ago

Sign Up for Free or Log In to start participating in the conversation!