hack serves up malware to site visitors

The open source database website has been hacked, leaving site visitors exposed to malicious code.

The open source database website has been hacked, leaving site visitors exposed to malicious code, according to internet reports.

Web security firm Armorize outlined the hack on its company blog, warning the Oracle-owned open source database website is serving malware.

In a blog post, Graham Cluley, senior technology consultant at Sophos, warned that simply by visiting the homepage of the website, a Java exploit downloads malicious code onto PCs running Microsoft Windows.

"The attraction for malicious hackers is obvious. reportedly receives almost 12 million visitors a month (nearly 400,000 a day), meaning there is a steady stream of potential victim computers visiting the site which could become infected through a drive-by download," he said.

Cluley added that Sophos had detected the malware as Troj/WndRed-C but the malicious software could be changed at any time by the cybercriminals.

"The infection is embarrassing to, which suffered another hack earlier this year. On that occasion, hackers exploited an SQL injection vulnerability to expose usernames and poorly chosen passwords," said Cluley.

Oracle had not responded to a request for comment at the time of publication.

Video: Armorize shows how visitors are infected with malware when visiting the site

Read more on Hackers and cybercrime prevention

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.