TechTarget

MySQL.com hack serves up malware to site visitors

The open source database website MySQL.com has been hacked, leaving site visitors exposed to malicious code.

The open source database website MySQL.com has been hacked, leaving site visitors exposed to malicious code, according to internet reports.

Web security firm Armorize outlined the hack on its company blog, warning the Oracle-owned open source database website is serving malware.

In a blog post, Graham Cluley, senior technology consultant at Sophos, warned that simply by visiting the homepage of the website, a Java exploit downloads malicious code onto PCs running Microsoft Windows.

"The attraction for malicious hackers is obvious. MySQL.com reportedly receives almost 12 million visitors a month (nearly 400,000 a day), meaning there is a steady stream of potential victim computers visiting the site which could become infected through a drive-by download," he said.

Cluley added that Sophos had detected the malware as Troj/WndRed-C but the malicious software could be changed at any time by the cybercriminals.

"The infection is embarrassing to MySQL.com, which suffered another hack earlier this year. On that occasion, hackers exploited an SQL injection vulnerability to expose usernames and poorly chosen passwords," said Cluley.

Oracle had not responded to a request for comment at the time of publication.

Video: Armorize shows how visitors are infected with malware when visiting the MySQL.com site

CW+

Features

Enjoy the benefits of CW+ membership, learn more and join.

Read more

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

SearchDataManagement

Close