MySQL Website Compromised to Inject Malware


by Daniel L
Database management systems are an integral part of many products and services that are offered over the World Wide Web. MySQL, one of the most common open source database management systems and a key component of the LAMP software stack, caught the attention of hackers on Monday, September 26, 2011. According to security vendor Armorize, the hacker used JavaScript code to inject malicious software onto the PCs of Windows users who visited the MySQL website between 5 a.m. and 11 a.m. Pacific Time on Monday. Armorize also stated that the attack on website visitors used what is known as the Black Hole exploit kit; however, there is no indication of what the malware was designed to do. This is not the first time that the MySQL website has been hacked: it was hit earlier in the year, as were other open source websites such as Linux.com and Kernel.org. A hacker on a Russian forum using the alias sourcec0de claims to have full permissions and administrative rights to the MySQL servers, and he is even willing to sell root access for $3,000. Although it is unclear whether the hacker had root access, he posted screenshots which showed that the MySQL web servers were indeed compromised.

In class we discussed how a database management system (DBMS) is a type of software system that allows us to create and maintain our data in a centralized location, known as a database. The biggest advantage of using a DBMS is that it gives multiple users a way of accessing a number of databases and retrieving important data with ease. This is where MySQL comes in as a popular choice for numerous web applications and websites. I was quite intrigued when I discovered that the MySQL website was compromised. MySQL is used across various popular websites around the world, and when I heard the news of JavaScript injection through Oracle’s MySQL website, I started to worry that this attack might not only be limited to the MySQL website, but other websites which use MySQL as their DBMS.

If hackers are able to get root access to sites like MySQL, what stops them from gaining access to other sites which use MySQL databases, like YouTube and Facebook? Security is extremely important when dealing with databases that hold a wealth of data, and if there is a compromise of some sort, the outcome can be disastrous. Considering that this is the second time the MySQL website has been hacked in the same year, these security issues are very serious, and if they aren’t rectified, the website will remain an easy target for future hacking attempts.

McMillan, R. (2011, September 26). MySQL.com Hacked to Serve Malware. Retrieved October 2, 2011, from http://www.pcworld.com/businesscenter/article/240609/mysqlcom_hacked_to_serve_malware.html