$3000 (€2100) was the price asked by a hacker for administrator rights to the website

Sep 27, 2011 06:33 GMT

The number one MySQL resources website was hacked and injected with a piece of malware that downloaded and installed itself on the victim's machine without any interaction required from the user.

This is not the first time they've been hit this year, but it seems that they just don't want to learn from their mistakes. The scale of the problem is best described by the fact that the webpage has a few hundred thousand visitors each day, which means that in the infection time frame it's very likely that a large number of devices became infected.

Armorize was the first to discover the hack. They described the infection chain as starting with the home page immediately loading a JavaScript file that, after two redirects, takes the victim to a location containing a BlackHole exploit pack.

If the visitor's browsing platform is unsecured, the exploit pack permanently installs a piece of malware. The worst thing about this form of exploitation is that the victim doesn't even realize what's happening as he “doesn't need to click or agree to anything; simply visiting mysql.com with a vulnerable browsing platform will result in an infection.”

After the compromised website was discovered, Brian Krebs stated that last week he stumbled upon what seemed to be an open bid for administrative rights to mysql.com on an underground Russian hacker forum.

“As part of his pitch, which was published on the criminal forum Sept. 21, the seller called attention to the site’s daily and monthly stats, and posted screen shots of a root login prompt in a bid to prove his wares,” Krebs revealed on his personal blog.

“He offered to sell remote access to the first person who paid him at least USD $3,000 (€2100) via the site’s escrow service, which guarantees that both parties are satisfied with the transaction before releasing the funds.”

The page appears to be clean now, but if they don't get their security buffed up, these incidents will not be rare. When you own a website with so many members and visitors, you need to take extra precautions to make sure their virtual possessions will not be harmed because of you.

So far, no official statement has been released regarding the attack.