Hacked: Attackers Use BlackHole Exploit Kit to Spread Malware

Cybercriminals are challenging the credibility of a widely used open source industry staple by hacking its website for the second time in six months.

A fire sale on the black market sold administrative rights to the site to hackers for only USD$3,000. The hack redirected the highly trafficked website to a malicious domain hosting a Trojan downloader (mwjs159) paired with a BlackHole browser exploit. A Trojan downloader needs nothing more than a visit to the page that hosts it in order to download and install its malicious payload.

The BlackHole exploit kit is built on a PHP and MySQL backend and targets systems running Windows. It exploits browsers and plugins such as Adobe Flash and Java, and it lets malware authors choose a language for the interface and use custom algorithms to change the payload file and its parameters so that anti-virus programs fail to recognise it. The kit also uses the Java OBE (Open Business Engine) both to spread exploits and to load the malicious executable onto the victim's PC. Once a PC user clicks on the iframe, they are redirected to download a JAR file carrying a URL parameter; that parameter is passed on as an HTTP GET parameter, which is then used to download further malicious files. The kit is dangerous and sophisticated, and it is usually rented rather than sold.
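As an added defender-side illustration (not code from the original article), the following Python sketch looks in a constructed web-proxy log for the request chain just described: a parameterised JAR fetch followed shortly by a referer-less, parameterised GET to the same host, i.e. a Java process rather than the browser pulling the next stage, and it reports the page that sent the client to that host. The hostnames, log format and 30-second window are assumptions.

```python
from collections import defaultdict
from datetime import datetime
from urllib.parse import urlparse

# Constructed sample proxy log (not real traffic): "timestamp client url referer", "-" = no referer.
SAMPLE_LOG = """\
2011-09-26T10:00:01 10.0.0.5 http://legit-site.test/index.html -
2011-09-26T10:00:02 10.0.0.5 http://evil-host.test/main.php?page=1a2b3c http://legit-site.test/index.html
2011-09-26T10:00:03 10.0.0.5 http://evil-host.test/content/ap2.jar?spl=java http://evil-host.test/main.php?page=1a2b3c
2011-09-26T10:00:05 10.0.0.5 http://evil-host.test/w.php?f=17&e=2 -
2011-09-26T10:05:00 10.0.0.7 http://cdn.legit-site.test/lib/app.jar?v=3 http://legit-site.test/index.html
2011-09-26T10:05:04 10.0.0.7 http://cdn.legit-site.test/lib/app.js?v=3 http://legit-site.test/index.html
"""
WINDOW_SECONDS = 30  # assumption: the second-stage fetch follows the JAR within seconds

def parse_log(text):
    """Turn the constructed format above into dicts with the URL split out."""
    records = []
    for line in text.splitlines():
        ts, client, url, referer = line.split()
        u = urlparse(url)
        records.append({"time": datetime.fromisoformat(ts), "client": client, "url": url,
                        "host": u.netloc, "path": u.path, "query": u.query,
                        "referer": None if referer == "-" else referer})
    return records

def find_jar_download_chains(records, window=WINDOW_SECONDS):
    """Flag a parameterised .jar fetch followed within `window` seconds by a same-host,
    parameterised, referer-less GET from the same client: the browser pulled the exploit
    JAR, then a Java process (which sends no browser referer) pulled the next stage."""
    by_client = defaultdict(list)
    for r in records:
        by_client[r["client"]].append(r)
    alerts = []
    for client, reqs in by_client.items():
        reqs.sort(key=lambda r: r["time"])
        for i, jar in enumerate(reqs):
            if not (jar["path"].lower().endswith(".jar") and jar["query"]):
                continue
            for follow in reqs[i + 1:]:
                if (follow["time"] - jar["time"]).total_seconds() > window:
                    break
                if follow["host"] == jar["host"] and follow["query"] and not follow["referer"]:
                    # Page that first sent this client to the exploit host: the hacked site.
                    entry = next((r["referer"] for r in reqs if r["host"] == jar["host"] and r["referer"]), None)
                    alerts.append({"client": client, "jar": jar["url"], "stage2": follow["url"],
                                   "referring_page": entry})
                    break
    return alerts
```

The second client's CDN-hosted app.jar is not flagged because its follow-up request still carries a browser referer.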

Trojan mwjs159 spreads when the infected PC accesses restricted FTP clients (using the HTTP GET parameter), and it can inflict additional, by now common, threats such as these:

  • Steal vital data stored on the PC and send it to a hacker.
  • Harvest the email addresses attached to email accounts and send them to a hacker.
  • Let a hacker adjust the malware to counter the countermeasures of the Internet security community.
  • Give a hacker covert administrative control of the infected PC so that he can launch a DNS attack or a mass email spam campaign.

Given that the MySQL community is mostly made up of developers and wanna-be programmers (okay, enthusiasts), one could assume the risk is minimal, that is, if you believe all techies practice what they preach. But there is more at stake here: the reputation of JavaScript, MySQL and owner Oracle Corp.

Open source software might be free, but if it is continually compromised, users will be forced to weigh the hidden cost of the malware it brings with it. Even more, developers who rely on popular open source software need to consider the security of the clients and networks that depend on JavaScript- or MySQL-based applications.

Earlier this year, President Obama reportedly cited $8 billion as the amount stolen from US households by cybercriminals over a two-year period. If true, cybercrime profits may have exceeded those of illegal drug trafficking. This greed fuels cybercriminals, who vigorously study human behavior and look for flaws in software and hardware to exploit. Their overzealous effort keeps the Internet security community on its toes and requires the joint effort of machine and user to combat this ongoing problem.

Therefore, true security demands that PC users install stealth anti-malware protection and practice safe online habits on the web. Equally important, software developers and companies need to be quick to repair or patch the vulnerabilities that allow exploits such as the one used in this hack.