MySQL.com web site hit by drive-by attack

The popular MySQL.com web site has been hacked and used to serve malware in a drive-by attack designed to infect web users running unpatched browsers.

The site, which is the front-end for the Oracle-owned "world's most popular open source database", attracts over 100,000 visitors a day, so is a perfect target for a drive-by-style attack.

Wayne Huang, chief executive at security vendor Armorize, explained on the firm's blog that the malware compromises the victim's PC and directs it to a BlackHole exploit pack.

"It exploits the visitor's browsing platform (the browser, the browser plug-ins like Adobe Flash, Adobe PDF, Java, etc) and, on successful exploitation, permanently installs a piece of malware without the visitor's knowledge," he said.

"The visitor doesn't need to click or agree to anything; simply visiting mysql.com with a vulnerable browsing platform will result in an infection."

Huang warned that just four out of 44 vendors on Virus Total can detect the malware.

It is not known whether the attack was designed to steal personal information, infect PCs to recruit them into a botnet or other reasons, although it appears that the issue has now been addressed.

In a potentially related revelation, researchers at Trend Micro uncovered a hacker in an underground Russian forum with the handle 'sourcec0de' who was "offering root access to some of the cluster servers of mysql.com and its subdomains" from $3,000 upwards.

The news comes just a fortnight after the web sites of fellow open source platform Linux were taken down by an attack, most likely as a result of an intrusion on Kernel.org at the end of August.