Hackers turn MySQL.com into malware launchpad

Pretty embarrassing for Oracle and MySQL:

Web security firm Armorize reported in its blog today that the MySQL.com website has been turned into a launchpad for serving up malware attacks. Visitors to the home page of the site are hit with a JavaScript injection attack that has been planted on the site. The script opens an IFRAME to a malicious site, which in turn launches a BlackHole exploit “pack” that probes for known browser and plugin weaknesses and then stealthily installs malware on the visitor’s PC. There’s no warning button or action required by the user other than visiting the site to trigger the download.

via Hackers turn MySQL.com into malware launchpad.

Be Sociable, Share!

Leave a Reply