+- howtothings.co.uk (https://www.howtothings.co.uk)
+-- Forum: Open Discussion (https://www.howtothings.co.uk/forumdisplay.php?fid=5)
+--- Forum: The Lounge (https://www.howtothings.co.uk/forumdisplay.php?fid=18)
+--- Thread: MySQL.com hacked and was serving malware (/showthread.php?tid=1056)
MySQL.com hacked and was serving malware - Mark - 03-10-2011
MySQL.com hacked and was serving malware
I've not got this post up as fast as I'd have liked.. so I'm just going to give you a brief overview.
- The MySQL.com front page was compromised and had a malicious iframe injected in to it which linked to a malicious site which hosted a blackHole exploit "pack" that probes for known browser and plugin weaknesses and then stealthily installs malware on the visitor's PC.
- The exploit didn't required any interaction or confirmation from the user.
- Two different trojans were detected being sent to users, Troj/WndRed-C and Troj/Agent-TNV
- Because of the nature of the iframe attack, and the redirect chain the attackers could have easily varied the payload.
Security blogger Brian Krebs reports that he had seen a post last week on a Russian hacker forum by a member offering to sell root access MySQL.com for $3,000.
Below you can see a video of the attack in action.
Check out an in-depth view of the code and more from the link below
http://blog.armorize.com/2011/09/mysqlcom-hacked-infecting-visitors-with.html
RE: MySQL.com hacked and was serving malware - windows 7 was my idea - 03-10-2011
very very interesting thanks for the share i can't believe that its crazy.
RE: MySQL.com hacked and was serving malware - Drumm - 03-10-2011
*didn't require