
MySQL.com is hacked and infected by Malware ~ Exploits Visitor's Browser



MySQL.com has been hacked and infected with malware, as detected by the HackAlert 24x7 website malware monitoring platform. If you visit the website, your system will be infected by malware without your knowledge, and it will crash your Flash Player and Java.



 

Infection Process:
If you visit the site, your browser runs the malicious JavaScript code.

This code generates this iframe:
http://falosfax.in/info/in.cgi?5&ab_iframe=1&ab_badtraffic=1&antibot_hash=1255098964&ur=1&HTTP_REFERER=http://mysql.com/

which throws a 302 redirect to:

http://truruhfhqnviaosdpruejeslsuy.cx.cc/main.php



This domain hosts the BlackHole exploit pack. It exploits the visitor's browsing platform (the browser, the browser plugins like Adobe Flash, Adobe PDF, etc, Java, ...), and upon successful exploitation, permanently installs a piece of malware into the visitor's machine, without the visitor's knowledge. The visitor doesn't need to click or agree to anything; simply visiting mysql.com with a vulnerable browsing platform will result in an infection.
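The chain described above (visited page, injected iframe on a second host, 302 redirect to a third host) leaves a recognizable trace in web proxy logs. The following is an added example, not code from the original post, that flags that pattern; the log record layout, the function names and the `.example` hosts are constructed assumptions.

```python
from urllib.parse import urljoin, urlsplit

# Constructed proxy log records (not real traffic), in time order:
# (client, requested URL, Referer header, HTTP status, Location header)
SAMPLE_LOG = [
    ("10.0.0.5", "http://site.example/", "", 200, ""),
    ("10.0.0.5", "http://site.example/js/common.js", "http://site.example/", 200, ""),
    ("10.0.0.5", "http://hop1.example/info/in.cgi?5", "http://site.example/", 302,
     "http://hop2.example/main.php"),
    ("10.0.0.5", "http://hop2.example/main.php", "http://site.example/", 200, ""),
    ("10.0.0.7", "http://site.example/old", "", 302, "http://site.example/new"),
    ("10.0.0.7", "http://cdn.example/lib.js", "http://site.example/new", 200, ""),
    ("10.0.0.9", "http://ads.example/r", "http://site.example/", 302, "/banner.png"),
]

def host(url):
    """Lower-cased hostname of a URL, or '' if it has none."""
    return (urlsplit(url).hostname or "").lower()

def find_redirect_chains(records):
    """Flag sub-requests that left the referring site and were answered with
    a 302 to a third, different host. 'followed' records whether the same
    client later fetched the redirect target."""
    hits = []
    for i, (client, url, referer, status, location) in enumerate(records):
        if status != 302 or not referer or not location:
            continue
        target = urljoin(url, location)  # the Location header may be relative
        page, hop, landing = host(referer), host(url), host(target)
        if len({page, hop, landing}) < 3:
            continue  # same-site redirect or plain third-party fetch
        followed = any(c == client and u == target
                       for c, u, *_ in records[i + 1:])
        hits.append({"client": client, "page": page, "hop": hop,
                     "landing": landing, "followed": followed})
    return hits

if __name__ == "__main__":
    for hit in find_redirect_chains(SAMPLE_LOG):
        print(hit)
```

Legitimate ad and tracking redirects can match the same shape, so hits are triage candidates to check against domain reputation rather than confirmed infections.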

Currently, 4 out of 44 vendors on VirusTotal can detect this piece of malware.

Trend Micro said:
"We recently found an interesting post in a Russian underground forum in the course of our research. People exchange information about their illegal activities in these kinds of forums. We found a user in the forum with the handle ‘sourcec0de‘ and ICQ number ’291149′ who is currently offering root access to some of the cluster servers of mysql.com and its subdomains.

The price for each access starts at $3,000 USD, with the exchange of money/access being provided by the well known garant/escrow system, whereby a trusted third party verifies both sides of the transaction."


As of now, the mysql.com website is still serving this exploit and malware.

Armorize (armorize.com) is trying to contact mysql.com.

