03-10-2011, 01:53 AM
MySQL.com hacked and was serving malware
I've not got this post up as fast as I'd have liked.. so I'm just going to give you a brief overview.
- The MySQL.com front page was compromised and had a malicious iframe injected into it, which linked to a malicious site hosting a BlackHole exploit "pack" that probes for known browser and plugin weaknesses and then stealthily installs malware on the visitor's PC.
- The exploit didn't require any interaction or confirmation from the user.
- Two different trojans were detected being sent to users: Troj/WndRed-C and Troj/Agent-TNV.
- Because of the nature of the iframe attack and the redirect chain, the attackers could have easily varied the payload.
Security blogger Brian Krebs reports that he had seen a post last week on a Russian hacker forum by a member offering to sell root access to MySQL.com for $3,000.
Below you can see a video of the attack in action.
Check out an in-depth view of the code and more from the link below
http://blog.armorize.com/2011/09/mysqlco...-with.html
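
An added example, not part of the original post or the linked analysis: a site owner's check for the kind of injected iframe described above, listing every iframe whose source host is not on an allowlist and noting whether it is sized or styled to be invisible. The sample page, host names and the `audit_iframes` helper are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Constructed sample page; hosts are placeholders, not values from the incident.
SAMPLE_PAGE = """<html><body>
<iframe src="/promo/banner.html" width="300" height="100"></iframe>
<iframe src="http://injected.example.net/main.php?page=1" width="1" height="1"
        style="visibility:hidden"></iframe>
<iframe src="//cdn.site.example/video.html" width="640" height="360"></iframe>
</body></html>"""


class IframeAudit(HTMLParser):
    """Collect iframes whose source host is outside an allowlist."""

    def __init__(self, page_url, allowed_hosts):
        super().__init__()
        self.page_url = page_url
        self.allowed = {h.lower() for h in allowed_hosts}
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        # Resolve relative and protocol-relative URLs against the page URL.
        target = urljoin(self.page_url, a.get("src", ""))
        host = (urlparse(target).hostname or "").lower()
        if host in self.allowed:
            return
        style = a.get("style", "").replace(" ", "").lower()
        # Tiny dimensions or hiding styles are typical of injected frames.
        tiny = a.get("width") in ("0", "1") or a.get("height") in ("0", "1")
        styled = "display:none" in style or "visibility:hidden" in style
        self.findings.append(
            {"src": target, "host": host, "hidden": tiny or styled})


def audit_iframes(html, page_url, allowed_hosts):
    """Return one finding per iframe that loads from a non-allowlisted host."""
    parser = IframeAudit(page_url, allowed_hosts)
    parser.feed(html)
    parser.close()
    return parser.findings


if __name__ == "__main__":
    allowed = ["www.site.example", "cdn.site.example"]
    for finding in audit_iframes(SAMPLE_PAGE, "http://www.site.example/", allowed):
        print(finding)
```

Running a check like this against the served front page on a schedule, and alerting on any finding, catches the change even when the injected frame's target or payload varies.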