Armorize, the web security vendor, meanwhile, says that the hackers poisoned the MySQL.com site with a background script that automatically redirected visitors to a malware-serving computer distributing the BlackHole exploit kit.
Krebs has posted a screenshot of a Russian cybercrime forum with an advert apparently offering admin-level access to the MySQL.com site for $3,000.00.
“The seller, ominously using the nickname ‘sourcec0de,’ points out that mysql.com is a prime piece of real estate for anyone looking to plant an exploit kit: It boasts nearly 12 million visitors per month - almost 400,000 per day - and is ranked the 649th most-visited site by Alexa (Alexa currently rates it at 637)”, he notes in his latest security posting.
“The ultimate irony of this attack is that the owner of mysql.com is Oracle Corp., which also owns Java, a software suite that I have often advised readers to avoid due to its numerous security and update problems. As I’ve noted in several blog posts, Java exploits are the single most effective attacks used by exploit kits like BlackHole: Currently, four out of nine of the exploits built into BlackHole attack Java vulnerabilities”, he adds.
At Outpost24, the IT security vendor, managing partner Aziz Maakaroun said that, given the high number of visitors MySQL.com attracts each day, news that the site has been compromised is particularly worrying, with potentially wide-ranging implications for many innocent site users.
“Depending on what malware the hacker chose to distribute through the site, victims could have had their passwords stolen, their computers altered to display pop-up ads or even co-opted into a botnet without their knowledge”, he said.
“It’s only a matter of months since MySQL.com was last targeted by hackers, so you would have thought that the site would have taken security more seriously following the first breach it suffered in March 2011. This just goes to show just how challenging it is for an organisation - even a technically savvy one like MySQL.com - to keep its systems watertight”, he added.
Maakaroun went on to say that, to improve their defences, it is vital that all organisations take more proactive steps to protect not only their own websites against malware, but also the PCs of users visiting their sites.
“Without these measures, they risk undermining the trust that the public places in them. Easy-to-run tools are available which scan the perimeter of websites to discover and patch vulnerabilities before they can be exploited by hackers. This year has been characterised by large-scale data breaches, and it is high time that organisations did more to protect themselves from the vagaries of cybercriminals”, he explained.