IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

MySQL.com hacked again

MySQL.com is found serving malware after the second known hack on the website this year.

MySQL

For the second time in a year, MySQL.com has been hacked and is serving malware.

Security firm Amorize found some highly obfuscated injected JavaScript on the website, noting that visitors would be hit by the BlackHole exploit kit.

"It exploits the visitor's browsing platform ... and upon successful exploitation, permanently installs a piece of malware into the visitor's machine, without the visitor's knowledge," the company's co-founder Wayne Huang said in a blog post.

"The visitor doesn't need to click or agree to anything - simply visiting MySQL.com with a vulnerable browsing platform will result in an infection."

Huang said he was unsure who was behind the attack. Amorize was attempting to contact MySQL.com yesterday, but had not confirmed if the site had responded.

On the KrebsonSecurity blog, Brian Krebs claimed he had found evidence administrative access to MySQL.com was being sold in an "exclusive Russian hacker forum." The seller went by the name of sourcec0de.'

Worryingly for IT departments, using test site Virus Total, Huang showed only six out of 43 anti-virus engines could detect the malware being served by MySQL.com. When the company first blogged, only four were able to do so.

The video below shows how MySQL.com was serving malware:

MySQL.com was hacked in March 2011, ironically by an SQL injection attack.

Featured Resources

Meeting the future of education with confidence

How the switch to digital learning has created an opportunity to meet the needs of every student, always

Free Download

The Total Economic Impact™ of IBM Cloud Pak® for Watson AIOps with Instana

Cost savings and business benefits

Free Download

The business value of the transformative mainframe

Modernising on the mainframe

Free Download

Technology reimagined

Why PCaaS is perfect for modern schools

Free Download

Recommended

Hackers could use new Wslink malware in highly targeted cyber attacks
malware

Hackers could use new Wslink malware in highly targeted cyber attacks

1 Nov 2021
FBI raids Chinese POS business following cyber attack claims
malware

FBI raids Chinese POS business following cyber attack claims

27 Oct 2021
Malware developers create malformed code signatures to avoid detection
malware

Malware developers create malformed code signatures to avoid detection

24 Sep 2021
New malware uses search engine ads to target pirate gamers
malware

New malware uses search engine ads to target pirate gamers

21 Jul 2021

Most Popular

How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

7 Jun 2022
Attracting and retaining talent through training
Sponsored

Attracting and retaining talent through training

13 Jun 2022
Delivery firm Yodel disrupted by cyber attack
cyber attacks

Delivery firm Yodel disrupted by cyber attack

21 Jun 2022