How Does The Injection Works


Step 1: http://www.mysql.com

Causes the visiting browser to load the following:


Step 2: http://mysql.com/common/js/s_code_remote.js?ver=20091011 ( Don't Visit Now )

This is the injection point. you can find the entire content of the .js file here.


The Infection Section
http://4.bp.blogspot.com/-WSOXkhEDLQU/ToCO-q6jLkI/AAAAAAAACfU/abyQ5I7fqus/s1600/mysql%2Bhacked%2Bserving%2Bmalware%2B2.png



Step 3: http://falosfax.in/info/in.cgi?5&ab_iframe=1&ab_badtraffic=1&antibot_hash=1255098964&ur=1&HTTP_REFERER=http://mysql.com/

Shows out a 302 redirect to Step 4.

Step 4: http://truruhfhqnviaosdpruejeslsuy.cx.cc/main.php

This domain hosts the BlackHole exploit pack. It exploits the visitor's browsing platform (the browser, the browser plugins like Adobe Flash, Adobe PDF, etc, Java, ...), and upon successful exploitation, permanently installs a piece of malware into the visitor's machine, without the visitor's knowledge. The visitor doesn't need to click or agree to anything; simply visiting mysql.com with a vulnerable browsing platform will result in an infection.

Source
http://blog.armorize.com/2011/09/mysqlcom-hacked-infecting-visitors-with.html

1 209 20.07.11 winAUTOPWN v2.7
2 120 15.09.11 Backtrack 5 Wireless Penetration Testing
3 115 28.08.11 Killapache - DDOS tool - Perl
4 114 24.07.11 Ani Shell - PHP
5 97 20.07.11 BackTrack 5 Release 1

You should always know where a link takes you before clicking on it. Services like TinyURL.com make that difficult. LongURL Mobile Expander uses the LongURL.org web services to let you know where shortened links *really* go.

Source
https://addons.mozilla.org/en-US/firefox/addon/longurl-mobile-expander/

PasteLert is a simple system to search pastebin.com and set up alerts (like google alerts) for pastebin.com entries. This means you will automatically recieve email whenever your term(s) is/are found in new pastebin entries!

PasteLert at:
http://www.andrewmohawk.com/pasteLert/index.php

..............your creativity was great Steve Jobs
Source
http://www.apple.com/pr/bios/tim-cook.html

Mit der Beförderung zum Apple-Vorstandschef dürfte Tim Cook wohl auch finanziell in einer deutlich besseren Position stehen. Wie die Börsenaufsichtsbehörde SEC mitteilte, erhielt der neue CEO des Unternehmens insgesamt eine Million Apple-Belegschaftsaktien. Deren Wert beliefen sich bis vor Kurzen noch auf circa 380 Millionen US-Dollar.

Protecting your Facebook account
Avoiding the scammers (very helpful examples of the most popular Facebook scams)
Using advanced security settings (one-time passwords, secure browsing, singel sign-on, social authentication, etc.)
Recovering a hacked Facebook account
Stopping imposters

Download PDF
https://www.facebook.com/safety/attachment/Guide%20to%20Facebook%20Security.pdf

1
http://securityxploit.blogger.de/stories/1859047/
2
http://securityxploit.blogger.de/stories/1864857/
3
http://securityxploit.blogger.de/stories/1857035/
4
http://securityxploit.blogger.de/stories/1846646/
5
http://securityxploit.blogger.de/stories/1854802/

Kondik is best known as the creator of the CyanogenMod for Android, an after market customised firmware bringing new features and functionality to the Android platform