Mysql.com Hacked
Am Tuesday, 27. Sep 2011 im Topic 'News'
How Does The Injection Works
Step 1: http://www.mysql.com
Causes the visiting browser to load the following:
Step 2: http://mysql.com/common/js/s_code_remote.js?ver=20091011 ( Don't Visit Now )
This is the injection point. you can find the entire content of the .js file here.
The Infection Section
http://4.bp.blogspot.com/-WSOXkhEDLQU/ToCO-q6jLkI/AAAAAAAACfU/abyQ5I7fqus/s1600/mysql%2Bhacked%2Bserving%2Bmalware%2B2.png
Step 3: http://falosfax.in/info/in.cgi?5&ab_iframe=1&ab_badtraffic=1&antibot_hash=1255098964&ur=1&HTTP_REFERER=http://mysql.com/
Shows out a 302 redirect to Step 4.
Step 4: http://truruhfhqnviaosdpruejeslsuy.cx.cc/main.php
This domain hosts the BlackHole exploit pack. It exploits the visitor's browsing platform (the browser, the browser plugins like Adobe Flash, Adobe PDF, etc, Java, ...), and upon successful exploitation, permanently installs a piece of malware into the visitor's machine, without the visitor's knowledge. The visitor doesn't need to click or agree to anything; simply visiting mysql.com with a vulnerable browsing platform will result in an infection.
Source
http://blog.armorize.com/2011/09/mysqlcom-hacked-infecting-visitors-with.html
Step 1: http://www.mysql.com
Causes the visiting browser to load the following:
Step 2: http://mysql.com/common/js/s_code_remote.js?ver=20091011 ( Don't Visit Now )
This is the injection point. you can find the entire content of the .js file here.
The Infection Section
http://4.bp.blogspot.com/-WSOXkhEDLQU/ToCO-q6jLkI/AAAAAAAACfU/abyQ5I7fqus/s1600/mysql%2Bhacked%2Bserving%2Bmalware%2B2.png
Step 3: http://falosfax.in/info/in.cgi?5&ab_iframe=1&ab_badtraffic=1&antibot_hash=1255098964&ur=1&HTTP_REFERER=http://mysql.com/
Shows out a 302 redirect to Step 4.
Step 4: http://truruhfhqnviaosdpruejeslsuy.cx.cc/main.php
This domain hosts the BlackHole exploit pack. It exploits the visitor's browsing platform (the browser, the browser plugins like Adobe Flash, Adobe PDF, etc, Java, ...), and upon successful exploitation, permanently installs a piece of malware into the visitor's machine, without the visitor's knowledge. The visitor doesn't need to click or agree to anything; simply visiting mysql.com with a vulnerable browsing platform will result in an infection.
Source
http://blog.armorize.com/2011/09/mysqlcom-hacked-infecting-visitors-with.html