Fwd: Headsup ! MySQL.com Serves Malware

From: John Aldrich 
------------------------------------------------------
FYI, I saw this on another list... thought I'd pass it along...

----------  Forwarded Message  ----------

Subject: Headsup ! MySQL.com Serves Malware
Date: Mon September 26 2011, 5:11:10 PM
From: Stu Sjouwerman 
To: "NT System Admin Issues" 

MySQL.com Sold for $3k, Serves Malware

Warm regards,
Stu

http://krebsonsecurity.com/2011/09/mysql-com-sold-for-3k-serves-malware/

A security firm revealed today that mysql.com, the 
central repository for
widely-used Web database software, was hacked and booby-trapped to serve
visitors with malicious software. This disclosure caught my eye because 
just a
few days ago I saw evidence that administrative access to 
mysql.com was being
sold on the hacker underground for just $3,000.

Web security firm Armorize stated in its blog that 
mysql.com was poisoned with a
script that invisibly redirects visitors to a Web site that uses the 
BlackHole
exploit pack, an automated exploit toolkit that probes visiting browsers 
for a
variety of known security holes.

"It exploits the visitor's browsing platform (the browser, the browser 
plugins
like Adobe Flash, Adobe PDF, etc, Java, ...), and upon successful 
exploitation,
permanently installs a piece of malware into the visitor's machine, without 
the
visitor's knowledge," say the researchers. "The visitor doesn't need to 
click or
agree to anything; simply visiting mysql.com with a 
vulnerable browsing platform
will result in an infection."


Late last week, I was lurking on a fairly exclusive Russian hacker forum 
and
stumbled upon a member selling root access to mysql.com. 
As part of his pitch,
which was published on the criminal forum Sept. 21, the seller called 
attention
to the site's daily and monthly stats, and posted screen shots of a root 
login
prompt in a bid to prove his wares.

The seller, ominously using the nickname "sourcec0de," points out that 
mysql.com
is a prime piece of real estate for anyone looking to plant an exploit kit: 
It
boasts nearly 12 million visitors per month -- almost 400,000 per day -- 
and is
ranked the 649th most-visited site by Alexa (Alexa currently rates it at 
637).

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: http://lyris.sunbelt-
software.com/read/my

=============================================================== From: Ryan Bales ------------------------------------------------------ mysql.com delivering malicious software... Isn't that redundant? ~Ryan Bales

=============================================================== From: Lisa Ridley ------------------------------------------------------ I thought that was just Oracle in general=85.:/ wrote: http://krebsonsecurity.com/2011/09/mysql-com-sold-for-3k-serves-malware/ serve because browsers without to forum mysql.com. root kit: -- at

=============================================================== From: Stephen Kraus ------------------------------------------------------ This is news? wrote: without kit:

=============================================================== From: Adam Jimerson ------------------------------------------------------ No but the fact that it took Oracle this long to relicense MySQL is news, figured that would have been one of the first things they did (besides adding alot of bugs and security holes). Source http://monty-says.blogspot.com/2011/09/oracle-adding-close-source-extensions.html