I received an alert this afternoon that actually took me by surprise. A security firm revealed today that mysql.com, the central repository for widely-used Web database software, was hacked and booby-trapped to serve visitors with malicious software. The disclosure caught my eye because just a few days ago I saw evidence that administrative access to mysql.com was being sold on the hacker underground for just $3,000.
This wasn’t idiot malware either, the kind where people are conned into clicking through a dialog box.
Web security firm Armorize stated in its blog that mysql.com was poisoned with a script that invisibly redirects visitors to a Web site that uses the BlackHole exploit pack, an automated exploit toolkit that probes visiting browsers for a variety of known security holes.
“It exploits the visitor’s browsing platform (the browser, the browser plugins like Adobe Flash, Adobe PDF, etc, Java, …), and upon successful exploitation, permanently installs a piece of malware into the visitor’s machine, without the visitor’s knowledge,” say the researchers. “The visitor doesn’t need to click or agree to anything; simply visiting mysql.com with a vulnerable browsing platform will result in an infection.”
This type of exploit is still easily defensible by using the proper browser plugins, such as NoScript and AdBlock, and making sure they are in a default-deny state. Remember that just because you trust a site today doesn’t make it trustworthy tomorrow. Be cautious and be aware. Condition yellow applies to the internet just as it does in reality.
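The injection described above works by adding a script or hidden iframe that pulls content from a host the page owner never intended to load from. The following added example (not from the original post, and not tied to the actual mysql.com injection) shows the default-deny idea applied by a site operator or incident responder checking a fetched page: every tag that can load executable content is collected, and anything whose host is not the page’s own host or an explicit allowlist is flagged. The sample HTML, the `example-site.test` host and the `.invalid` hostnames are constructed placeholders, not real indicators.

```python
"""Flag off-site script/iframe loaders in a fetched HTML page (default-deny check)."""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample page: two first-party scripts, one injected third-party
# <script>, and one hidden 1x1 <iframe>. Hostnames are placeholders only.
SAMPLE_HTML = """
<html><head>
<script src="/js/site.js"></script>
<script src="https://www.example-site.test/js/analytics.js"></script>
<script src="http://redirector.invalid/stats.php"></script>
</head><body>
<h1>Welcome</h1>
<iframe src="http://landing.invalid/index.php" width="1" height="1"
        style="visibility:hidden"></iframe>
</body></html>
"""

# Tags that can fetch and run remote content in the visitor's browser.
LOADER_TAGS = {"script", "iframe", "embed", "object"}


def _looks_hidden(attrs):
    """Heuristic: zero/one-pixel frames or display:none / visibility:hidden styling."""
    style = (attrs.get("style") or "").replace(" ", "").lower()
    tiny = attrs.get("width") in ("0", "1") or attrs.get("height") in ("0", "1")
    return tiny or "display:none" in style or "visibility:hidden" in style


class _LoaderCollector(HTMLParser):
    """Collect every tag that can pull executable content from a URL."""

    def __init__(self):
        super().__init__()
        self.loaders = []

    def handle_starttag(self, tag, attrs):
        if tag not in LOADER_TAGS:
            return
        a = dict(attrs)
        src = a.get("src") or a.get("data")  # <object> uses data= instead of src=
        if src:
            self.loaders.append({"tag": tag, "src": src, "hidden": _looks_hidden(a)})


def find_offsite_loaders(html, page_host, allowlist=()):
    """Return loaders whose host is neither the page's own host nor allowlisted.

    Relative URLs resolve to the page host and are never flagged; everything
    else must be explicitly permitted (default deny).
    """
    parser = _LoaderCollector()
    parser.feed(html)
    permitted = {page_host.lower(), *[h.lower() for h in allowlist]}
    findings = []
    for item in parser.loaders:
        host = (urlparse(item["src"]).hostname or page_host).lower()
        if host not in permitted:
            findings.append({**item, "host": host})
    return findings


if __name__ == "__main__":
    for f in find_offsite_loaders(SAMPLE_HTML, "www.example-site.test"):
        flag = " (hidden)" if f["hidden"] else ""
        print(f"{f['tag']:<7} {f['host']:<22} {f['src']}{flag}")
```

Run against the constructed sample, this flags the third-party script and the hidden iframe while leaving the first-party scripts alone; feeding it a real page's HTML with the site's legitimate CDN hosts in the allowlist gives a quick, repeatable check for the kind of injection the researchers describe.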
If you can do your web browsing through a VM you might want to do exactly that. I did do that for a long time but eventually laziness won since it didn’t actually get me much in the way of extra security. I’ve seen how easily something can go bad without doing anything questionable. I had malware, which was thankfully caught, that tried to install itself when I clicked to look at a screen shot of an upcoming game on a Google image search.
If you’ve been to MySQL.com recently make sure to check your machine out. I have a feeling this attack was targeted the way it was because most of the people who visit that site are likely to have elevated privileges on other systems. While most of those visitors will be security savvy, many also would likely have been trusting because of who the host was.
Barron is the owner, editor, and principal author at The Minuteman, a competitive shooter, and staff member for Boomershoot. Even in his free time he’s merging his love and knowledge of computers and technology with his love of firearms.
He has a BS in electrical engineering from Washington State University. Immediately after college he went into work on embedded software and hardware for use in critical infrastructure. This included cryptographic communications equipment as well as command and control devices that were using that communications equipment. Since then he’s worked on just about everything ranging from toys, phones, other critical infrastructure, and even desktop applications. Doing everything from hardware system design, to software architecture, to actually writing software that makes your athletic band do its thing.