MySQL.com, a website for the MySQL database, was hacked this Monday by hackers. The hackers delivered malicious malware to users who visited the website. The black hole exploit attacks users older and non updated browsers and non patched versions of Adobe Flash and Java. The user does not need to download or click anything. By visiting the website is enough to infect the visitors computer. The company’s security provider, Armorize, found out about the breach early in the morning and shortly after cleaned up the malicious java script code. The is just one of many string of malicious attacks on open source websites. In the past recent months other websites such as Kernel.org and Linux.com were also attacked. The criminals have stolen usernames and passwords and ran pop up spam to install fake antivirus software and steal personal information. Oracle, who manages MySQL.com, are still investigating the situation and have not commented on the attack. MySQL.com is estimated to be visited by over 34,000 unique daily visitors and has over 100,000 page views daily.
What is even more concerning is that a Russian underground hacker named sourcec0de has been selling administrator access passwords to MySQL.com for $3000. The post was made on a Russian underground forum a few days ago and before Armorize realized a breach on the website.
What is amazing to me is how there are always people that want to do harm no matter what. I don’t mean harm physically but by stealing. Identity theft is no joke. My father and other friends of mine have gone through it. My father went through getting his credit ruined for some time because someone in another state had all his info and made various and expensive purchases while opening different credit lines with his name. Luckily it got sorted out for him but it took over a year for him to get his name cleared from those fraudulent purchases and for the credit companies to clear his credit report.
I believe it is easier to steal online because you never meet or see the person online however you do hurt their life. Honest people get hurt by these attacks. There could be small business owners or just casual online people that browsed MySQL.com and may have had their computers infected. It will now take victims time and money to get either their computers fixed or worse their credit fixed. The fact that a russian forum posted online administrator access to the site for sale means there is intention to do harm or steal. It sucks for all of us that we can not trust people and always have to be protective of ourselves and our personal possessions.
McMillan, Robert. “MySQL.com Hacked to Serve Malware | PCWorld Business Center.” Reviews and News on Tech Products, Software and Downloads | PCWorld. 26 Sept. 2011. Web. 10 Oct. 2011