ID: IRCNE2011091262
Date: 2011-09-27
According to "computerworld", the website for the open-source MySQL database was hacked and used to serve malware to visitors Monday.
Security vendor Armorize noticed the problem at around 5 a.m. Pacific Time Monday. Hackers had installed JavaScript code that threw a variety of known browser attacks at visitors to the site, so those with out-of-date browsers or unpatched versions of Adobe Flash, Reader or Java on their Windows PCs could have been infected with malicious software.
By just after 11 a.m., the issue had been cleaned up, said Wayne Huang, Armorize's CEO. He thinks the malicious code was on the site for less than a day.
Huang said that the attackers used the Black Hole exploit kit to attack visitors to the site, but his team had not yet figured out what the malicious software that it installed was designed to do. Typically, criminals install malware to steal victims' passwords, pop up advertisements for fake antivirus software, or to create botnet computers that can be rented out to others.
Oracle, which manages the MySQL.com project, was still investigating the issue and unable to comment for this story Monday.
- 2