MySQL.com was hacked on September 26th, 2011. A javascript file on the website was modified in order to spread malware to visitors. Code in the javascript file redirected visitors to a malicious website which then attempts to run a file called “main.php”.
MySQL.com is now fixed and visitors are currently in no danger of being exposed to malware. The javascript file in question has been restored to its previous state so that users to the website are not redirected to download the malicious .php file. Detailed analysis of the malicious file can be found here.
There are reports that a hacker on a Russian forum offered full access to the MySQL.com website in exchange for $3,000. The hacker was selling access to the site roughly a week before the MySQL.com hack was discovered. It may be possible that someone purchased the MySQL.com exploit from the hacker and the recent website hack is the result.
This is yet another major website to fall victim to hacking including the second hack of MySQL.com this year. In March 2011, MySQL.com was reportedly hacked and user account information was stolen. The stolen information was provided to other hackers on the internet and may have assisted in yesterday’s hack.
The purpose of this latest MySQL.com hack was to install malware. Other major website hacks that have occurred recently, including InMotion Hosting Hack, involve the defacing of websites.
Malware is a widespread problem throughout the internet. Malware installs botnet access, advertising banner, browser redirects and much more. Sometimes a user may not even know that they have been infected with Malware. Malware is known to be the leading cause of computers becoming part of a botnet. A botnet is a combination of hijacked computers used to hack website, spread spam and more.
As more information about this recent MySQL.com hack is revealed, we will update this post.
