The open source database website MySQL.com has been hacked, leaving site visitors exposed to malicious code, according to internet reports.
In a blog post, Graham Cluley, senior technology consultant at Sophos, warned that simply by visiting the homepage of the website, a Java exploit downloads malicious code onto PCs running Microsoft Windows.
"The attraction for malicious hackers is obvious. MySQL.com reportedly receives almost 12 million visitors a month (nearly 400,000 a day), meaning there is a steady stream of potential victim computers visiting the site which could become infected through a drive-by download," he said.
Cluley added that Sophos had detected the malware as Troj/WndRed-C but the malicious software could be changed at any time by the cybercriminals.
"The infection is embarrassing to MySQL.com, which suffered another hack earlier this year. On that occasion, hackers exploited an SQL injection vulnerability to expose usernames and poorly chosen passwords," said Cluley.
Oracle had not responded to a request for comment at the time of publication.
Video: Armorize shows how visitors are infected with malware when visiting the MySQL.com site