News

MySQL.com hack serves up malware to site visitors

Jenny Williams

The open source database website MySQL.com has been hacked, leaving site visitors exposed to malicious code, according to internet reports.

Web security firm Armorize outlined the hack on its company blog, warning the Oracle-owned open source database website is serving malware.

In a blog post, Graham Cluley, senior technology consultant at Sophos, warned that simply by visiting the homepage of the website, a Java exploit downloads malicious code onto PCs running Microsoft Windows.

"The attraction for malicious hackers is obvious. MySQL.com reportedly receives almost 12 million visitors a month (nearly 400,000 a day), meaning there is a steady stream of potential victim computers visiting the site which could become infected through a drive-by download," he said.

Cluley added that Sophos had detected the malware as Troj/WndRed-C but the malicious software could be changed at any time by the cybercriminals.

"The infection is embarrassing to MySQL.com, which suffered another hack earlier this year. On that occasion, hackers exploited an SQL injection vulnerability to expose usernames and poorly chosen passwords," said Cluley.

Oracle had not responded to a request for comment at the time of publication.

Video: Armorize shows how visitors are infected with malware when visiting the MySQL.com site


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy