[ISN] MySQL Malware Hack Cost Just $3,000

From: InfoSec News <alerts_at_private>
Date: Wed, 28 Sep 2011 00:27:37 -0500 (CDT)
http://www.informationweek.com/news/security/attacks/231602232

By Mathew J. Schwartz
InformationWeek
September 27, 2011

A security firm warned Monday that the website for downloading the 
popular MySQL open source relational database was infecting PCs via 
drive-by downloads.

Browsers that visited MySQL.com Monday were immediately injected with a 
JavaScript executable, which generated an iFrame that redirected to a 
website hosting the Black Hole crimeware exploit kit. "It exploits the 
visitor's browsing platform (the browser, the browser plugins like Adobe 
Flash, Adobe PDF, etc, Java, ...), and upon successful exploitation, 
permanently installs a piece of malware into the visitor's machine, 
without the visitor's knowledge," according to a blog post written by 
Wayne Huang, CEO of security firm Armorize, which discovered the attack. 
"The visitor doesn't need to click or agree to anything; simply visiting 
mysql.com with a vulnerable browsing platform will result in an 
infection," he said.

Later on Monday, Oracle--which owns MySQL--had apparently disabled 
the attack.

Black Hole, a copy of which can be rented for about $1,500 per year, is 
one of the most widely used crimeware toolkits, which are designed to 
automate the process of exploiting PCs and harvesting financial data. 
"The blackhole exploit pack supports a wide variety of exploits, so the 
actual exploit you get served depends on the platform you use for 
browsing," said Huang. "The [executable] is run by exploiting the 
browser with javascript / flash actionscript / PDF jscript / java 
exploit / etc." Furthermore, it can apparently bypass many attack 
mitigation technologies, including data execution prevention (DEP). 
"Many exploits have the ability to turn DEP off so they'd still work on 
Win7," he said.

[...]


Received on Tue Sep 27 2011 - 22:27:37 PDT
