MySql.com serves malware following hack
Oracle site redirected visitors to a malicious site that installed malware on their machines
Following a recent attack on the Oracle-owned web site MySql.com, the site yesterday began redirecting visitors to another site that attempted to install malware on their machines.
Security firm Armorize noticed the breach and explained on its blog that users were infected without needing to click on or install anything; simply visiting the malicious site was enough.
"The visitor doesn't need to click or agree to anything; simply visiting mysql.com with a vulnerable browsing platform will result in an infection," wrote Armorize researcher Wayne Huang.
This form of attack, which requires nothing more than a visit to an infected web site, is known as a drive-by attack, and is a common tool used by cyber criminals.
In December last year, banner ads from Google and Microsoft were found to be serving malware in the same way.
Attackers often use JavaScript to redirect users to pages that serve them malware.
Security expert Brian Krebs claimed that he had witnessed access to the MySql.com server being sold on a hacking forum for $3,000 (£1,900).
He explained that the hacker posted statistics on the site's traffic as part of his sales pitch. More traffic means more users are likely to be infected by the attack.
"The seller points out that mysql.com is a prime piece of real estate for anyone looking to plant an exploit kit. It boasts nearly 12 million visitors per month – almost 400,000 per day – and is ranked the 649th most-visited site by Alexa," wrote Krebs.
Although Oracle has now fixed the problem, Krebs speculated that about 120,000 users could have been infected during the time the site was redirecting visitors.
MySql.com is the site of the MySQL database platform, which Oracle acquired as part of the deal when it bought Sun Microsystems in 2009.